[j-nsp] Separate internet transit network versus converged

Saku Ytti saku at ytti.fi
Tue Mar 29 07:22:34 EDT 2016


On 29 March 2016 at 05:35, Mark Tees <marktees at gmail.com> wrote:

> I like the separated edge functionality and a BGP free core is what we
> are aiming for.

If you have sufficient organic edge density for 2 or more devices or
if the CAPEX of edge is almost irrelevant to the TCO it is probably
easy to justify separate edge with just BGP UPDATE argument. It has
happened before several times and no reason to suspect it won't happen
in future that weird BGP UPDATE from Internet will crash your rpd.
Justifying separate core, or using overlay core, imho is harder. I
would definitely use converged core if BGP-free core is an option.

> Will definitely at bare minimum have separate RR's be it VPNv4 or plain inet.

ACK. If you're just now buying, do me a favour and use your buying as
leverage to get TCP-AO + BGP allow working :). I'd love to run RRs
with 'BGP allow <loops_cidr>' but I'd also want TCP-AO security until
MACsec is universally available. Today in JunOS TCP-AO and BGP-allow
are mutually exclusive and I value 'BGP allow' more, because it
removes the need for touching RR boxes during removal/adding PE boxes.

-- 
  ++ytti

