[j-nsp] JunOS, MPLS and WXC ISM 200
Ben Dale
bdale at comlinx.com.au
Tue Oct 6 19:32:27 EDT 2009
In JUNOS 9.6, you have the ability to configure "Selective Stateless
Packet-Based Services" or basically support flow-mode and packet-mode
on the same interface, depending on the traffic type being presented.
In a nutshell, you create a firewall filter (stateless JUNOS-style FF,
not a JUNOS-ES security policy) which has an action of packet-mode.
This is applied to an interface and is triggered prior to the traffic
being processed by the security/flow engine.
http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-admin-guide/frameset.html
Cheers,
Ben
On 07/10/2009, at 8:58 AM, Ivan c wrote:
Hi, not sure if this questions was posted, trying again.
Looking into enabling MPLS for some testing, but I haven't been able
to find any info as to whether a WXC card will function once a J6350
(v9.4) has had MPLS enabled? I am assuming that since the WXC operates
in session mode, the enabling of MPLS and packet mode would stop the
WXC from working?
I noted this on the doco site:
Caution: When MPLS is enabled on your router, all security features
such as security policies, zones, NAT, ALGs, chassis clustering,
screens, firewall authentication, and IPsec VPNs are unavailable. For
more information on the data path for security features, see JUNOS
Software Security Configuration Guide.
http://www.juniper.net/techpubs/software/junos-security/junos-security94/junos-security-swconfig-interfaces-and-routing/frameset.html
Thanks
Ivan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list