[j-nsp] In Search of the Optimal RE Protect Filter - A Journey
Clarke Morledge
chmorl at wm.edu
Fri Aug 26 11:38:25 EDT 2011
Daniel,

I would love to be proven wrong on this, but I do not think you can use
"family any" filters on the lo0 interface. You can only use "family
inet" filters, and presumably you could use "family inet6" (haven't tested
that). Other filters do not work since the packet headers probably get
stripped off before hitting the RE.

In other words, you can not look at ARPs, spanning tree, or any other
non-IP stuff coming into the RE via the loopback interface. At least, I
haven't figured out a way to do that on the MX platform. You would have
to grab that using bridge type filters on L2 interfaces on your platform.
Pretty annoying if you ask me.

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187