[j-nsp] M7i w/ASM for cflowd / fw

[Rutger Bevaart]

hello list,

I am slightly confused as to the features offered by the ASM. Ideally I
would like to use an M7i as a ASBR, collecting data to cflowd for DDOS and
traffic analysis and protecting the infrastructure using firewall rules to
block outside access to the control-plane of the AS infrastructure (not
just this router, but all loopbacks and interfaces of all routers witin
the AS).

Now, from the Juniper docs I understand that in order to use JFlow I need
to add an ASM to the config (additional $10K) which includes the JFlow
license (foregoing the NAT/FW) thing. Can I export cflowd compatible data
just using 'accounting' or does that also use/require the ASM?

Can control-plane protection be implemented on just the RE, or is the ASM
mandatory for that? Suppose I want to ACL telnet/ssh access to a couple of
subnets internal to the AS for all external IP's, could that be done using
a simple RE solution or is the ASM required for that?

Coming from another vendor's view of the world it is sometimes difficult!

Thanks for any replies,
Rutger