[j-nsp] Core network design for an ISP

Adam Vitkovsky Adam.Vitkovsky at gamma.co.uk
Fri Mar 25 16:52:38 EDT 2016


> Saku Ytti [mailto:saku at ytti.fi]
> Sent: Friday, March 25, 2016 7:56 PM
>
> On 25 March 2016 at 21:39, Adam Vitkovsky
> <Adam.Vitkovsky at gamma.co.uk> wrote:
>
> >> I believe Luis refers to FIB localisation introduced in 12.3:
> >>
> http://www.juniper.net/documentation/en_US/junos15.1/topics/concept/f
> >> ib-localization-overview.html>
> >>
> > Hmm interesting concept -then with this feature enabled where would the
> VRF filter be executed on FIB-remote PFE or FIB-local PFE?
>
> I'm not big fan, due to the potential multiple NPUs involved in lookups and
> multiple fabric travels. I'm not intimately familiar with the feature though.
>
Not a fan of VRF based features or localization
As far as I know you'll get involved with lookups on multiple NPUs either way, though I'm not aware of any multiple fabric travels (apart from m-cast replication god forbid :) )

> > Sorry I wasn’t clear I meant how the box performs when under DDoS
> attack.
>
> Do you mean transit DDoS? With proper QoS, should be fine.
>
Yeah transit DDoS and how it flows through the chassis along VPN traffic, well "should be fine" but have anyone tested this actually please?


> > But yeah I guess I know what you mean with regards to lo0 filters I've been
> there, what I miss in Junos is the ability to say that only defined interfaces
> can be used to access the box. So one has to be very careful with the filter
> construction as well as understand the lo0 filter applicability rules posted
> here recently.
>
> You could use interface-groups, they are mutually exclusive with some
> forwarding filters though. I've previously used interface-groups to mark edge
> interfaces with 'privileged' access to control-plane, such like DHCP.
>
Not familiar with interface-groups but wouldn't want to restrict myself with such an elemental thing I guess.

adam



        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      Adam.Vitkovsky at gamma.co.uk
W:      www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of this email are confidential to the ordinary user of the email address to which it was addressed. This email is not intended to create any legal relationship. No one else may place any reliance upon it, or copy or forward all or any of it in any form (unless otherwise notified). If you receive this email in error, please accept our apologies, we would be obliged if you would telephone our postmaster on +44 (0) 808 178 9652 or email postmaster at gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with limited liability, with registered number 04340834, and whose registered office is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.




More information about the juniper-nsp mailing list