[j-nsp] Dynamic blocklists/blacklists...?

Jared Mauch jared at puck.nether.net
Tue Aug 16 13:22:36 EDT 2005


On Tue, Aug 16, 2005 at 11:15:18AM -0600, Michael Loftis wrote:
> 
> 
> --On August 10, 2005 12:02:21 PM -0400 Phil Shafer <phil at juniper.net> wrote:
> 
> > Michael Loftis writes:
> >> Is there any BCP for maintaining automatic blocklists in JunOS?
> >
> > Unfortunately not.  We've got reasonable hooks in JUNOS for automation
> > for need to write them up as a cohesive guide.  The general advice
> > would be:
> 
> To me....it just seems far easier to have the route server broadcast the 
> data via iBGP...

	So would something like this help?

http://www.tcb.net/draft-marques-idr-flow-spec-00.txt

> >> I need to
> >> be able to have entries added quickly and automatically, but the problem
> >> is any time an entry is added to say a prefix list everything gets
> >> HUPed...this is mostly fine except that the ntp will never sync in an env
> >> where anything is slightly busy since it keeps getting HUP signals.
> >
> > Modern sw uses what we call a "partial" commit, so daemons whose
> > configuration hasn't changed are not HUP'd.
> 
> I'm not entirely sure this is the case.  My NTPd is definitely being 
> disturbed almost every time I commit.  I can't say every time because I 
> haven't been watching it like a hawk, but I'll start to correlate data 
> now.  If I get enough data for a bug report I'll open a JTAC case.

	Yeah, this should just get fixed (IMHO), it's been a "bug" for
some time that ntpd gets killed/restarted.

	- jared

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

