[j-nsp] Core network design for an ISP

Saku Ytti saku at ytti.fi
Fri Mar 25 11:37:21 EDT 2016

On 25 March 2016 at 17:28, Raphael Mazelier <raph at futomaki.net> wrote:

> What the point to separate upstream and downstream port on different MPC ?
> (apart FIB size)

If you've cocked up your lo0/ddos-protection config (have not yet seen
network which has not) customer side attack won't bring your device
down if it's on different mpc, as there is build-in policer from
npu=>lc_cpu, so lc_cpu can only offer known amount of traffic to RE,
which is not enough to congest you.

It's minor benefit and I wouldn't separate MPCs based on this. Only
reason I'd do edge/core MPC separation if I'm anyhow going to have
enough MPC/ports to pull it off without extra CAPEX, then it would be
no brainer.


More information about the juniper-nsp mailing list