[j-nsp] Core network design for an ISP
saku at ytti.fi
Fri Mar 25 13:50:00 EDT 2016
On 25 March 2016 at 19:42, Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk> wrote:
> My understanding is that MX does not support(yet) "selective VRF download" (don't know the juniper name for the feature)
> Anyways Cisco stopped using it as it was causing more problems than it solved.
I believe Luis refers to FIB localisation introduced in 12.3:
> Also since you folks talk about converged networks that is mixing services and internet on one network -have you tested how the kit performs in corner cases (DDoS), would love to hear your experiences.
I've tried to punish MX in lab quite a bit and have found issues in
ddos-protection behaviour, some very dramatic. But today, AFAIK,
correctly configured MX is very robust against control-plane attacks,
much more so than ASR9k. But out-of-the-box ASR9k is much better
defended. And I've not yet read any lo0 filter anywhere which isn't
fundamentally broken, including cymry secure templates.
More information about the juniper-nsp