[j-nsp] Core network design for an ISP
Saku Ytti
saku at ytti.fi
Fri Mar 25 13:50:00 EDT 2016
On 25 March 2016 at 19:42, Adam Vitkovsky <Adam.Vitkovsky at gamma.co.uk> wrote:
Hey Adam,
> My understanding is that MX does not support(yet) "selective VRF download" (don't know the juniper name for the feature)
> Anyways Cisco stopped using it as it was causing more problems than it solved.
I believe Luis refers to FIB localisation introduced in 12.3:
http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/fib-localization-overview.html>
> Also since you folks talk about converged networks that is mixing services and internet on one network -have you tested how the kit performs in corner cases (DDoS), would love to hear your experiences.
I've tried to punish MX in lab quite a bit and have found issues in
ddos-protection behaviour, some very dramatic. But today, AFAIK,
correctly configured MX is very robust against control-plane attacks,
much more so than ASR9k. But out-of-the-box ASR9k is much better
defended. And I've not yet read any lo0 filter anywhere which isn't
fundamentally broken, including cymry secure templates.
--
++ytti
More information about the juniper-nsp
mailing list