[j-nsp] Core network design for an ISP
Saku Ytti
saku at ytti.fi
Fri Mar 25 11:37:21 EDT 2016
On 25 March 2016 at 17:28, Raphael Mazelier <raph at futomaki.net> wrote:
> What the point to separate upstream and downstream port on different MPC ?
> (apart FIB size)
If you've cocked up your lo0/ddos-protection config (have not yet seen
network which has not) customer side attack won't bring your device
down if it's on different mpc, as there is build-in policer from
npu=>lc_cpu, so lc_cpu can only offer known amount of traffic to RE,
which is not enough to congest you.
It's minor benefit and I wouldn't separate MPCs based on this. Only
reason I'd do edge/core MPC separation if I'm anyhow going to have
enough MPC/ports to pull it off without extra CAPEX, then it would be
no brainer.
--
++ytti
More information about the juniper-nsp
mailing list