[j-nsp] Core network design for an ISP

Saku Ytti saku at ytti.fi
Fri Mar 25 13:50:00 EDT 2016

On 25 March 2016 at 19:42, Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk> wrote:

Hey Adam,

> My understanding is that MX does not support (yet) "selective VRF download" (don't know the Juniper name for the feature)
> Anyways Cisco stopped using it as it was causing more problems than it solved.

I believe Luis refers to FIB localisation introduced in 12.3:

> Also since you folks talk about converged networks, that is mixing services and internet on one network - have you tested how the kit performs in corner cases (DDoS), would love to hear your experiences.

I've tried to punish MX in lab quite a bit and have found issues in
ddos-protection behaviour, some very dramatic. But today, AFAIK,
correctly configured MX is very robust against control-plane attacks,
much more so than ASR9k. But out-of-the-box ASR9k is much better
defended. And I've not yet read any lo0 filter anywhere which isn't
fundamentally broken, including Cymru secure templates.

