[j-nsp] Routing Engine filtering on EX with VRF
Ola Thoresen
ola at nytt.no
Fri Mar 18 16:27:44 EDT 2016
On 18. mars 2016 16:52, Raphael Mazelier wrote:
> Hi folks,
>
>
> Say I have an public IP on a interface in a VRF on a EX4550.
> I can have miss something, but I do not find how placing a good filter
> to protect the RE to be reach via this IP.
>
> I've test setting a loopback with the filter on the vrf, or directly
> set the filter on the family inet stanza of the interface. Nothing
> work (nothing is filtering, which is very bad).
On EX, you should be able to protect the RE using a filter on lo0 in the
main routing instance (not in the VRF itself).
But be aware that this does not work on tha ACX-series (for some strange
reason)...
Rgds.
Ola (T)
More information about the juniper-nsp
mailing list