[j-nsp] JunOS, MPLS and WXC ISM 200

Ben Dale bdale at comlinx.com.au
Tue Oct 6 19:32:27 EDT 2009

In JUNOS 9.6, you have the ability to configure "Selective Stateless  
Packet-Based Services" or basically support flow-mode and packet-mode  
on the same interface, depending on the traffic type being presented.

In a nutshell, you create a firewall filter (stateless JUNOS-style FF,  
not a JUNOS-ES security policy) which has an action of packet-mode.   
This is applied to an interface and is triggered prior to the traffic  
being processed by the security/flow engine.




On 07/10/2009, at 8:58 AM, Ivan c wrote:

Hi, not sure if this questions was posted, trying again.

Looking into enabling MPLS for some testing, but I haven't been able
to find any info as to whether a WXC card will function once a J6350
(v9.4) has had MPLS enabled? I am assuming that since the WXC operates
in session mode, the enabling of MPLS and packet mode would stop the
WXC from working?

I noted this on the doco site:

Caution: When MPLS is enabled on your router, all security features
such as security policies, zones, NAT, ALGs, chassis clustering,
screens, firewall authentication, and IPsec VPNs are unavailable. For
more information on the data path for security features, see JUNOS
Software Security Configuration Guide.

juniper-nsp mailing list juniper-nsp at puck.nether.net

More information about the juniper-nsp mailing list