[j-nsp] flowspec in logical-systems

Thomas Bellman bellman at nsc.liu.se
Sun Apr 9 11:27:37 EDT 2017


On 2017-04-07 20:43, Aaron Gould wrote:

> Do you all use logical-systems in your operational network?  How pleased are
> you with them?  I have an MX104 with about 8 lsys's and I am using it for a
> study lab and love it.

Our ISP uses logical systems on their CPE routers to provide their
customers (us) access to them, so we don't have to e.g. buy routers
with BGP licenses.  We can also use them as part of our core network,
if we so wish; just pay for the extra linecards if what they provide
by default is not enough.

(Actually, since they upgraded from MX80 to MX480 as CPE routers last
year, we customers get to use the main instance, and our ISP has a
logical system which they use for their purposes.  But they are the
NREN, and we are universities, so they trust us to not abuse it.  A
commercial ISP might be more reluctant to do it that way...)

At our site, we have also created a logical system for managing what
is essentially just a VRF.  The intent was to be able to let some
persons manage that without being able to affect the rest of the
configuration and screw up the entire university's network, and also
to separate out that part, so it doesn't clutter up the rest of the
configuration.


> I envision being able to cleanly separate router functions in my network for
> P or PE type things... and uplink PE to P using a lt-0/0/0 interface with
> mpls on it.

You should be aware that there are some limitations to logical systems,
and they aren't quite as independent and isolated as one might expect.
I believe for example that you can't do netflow or multi-chassis LAG in
an lsys.  And SNMP monitoring is configured in the main instance, not
per logical system.  (You can limit SNMP communities to specific logical
systems, but it can break SNMP monitoring in other ways; I don't remember
the details about this, though.)

Also, traffic over logical tunnel interfaces has to go via the
backplane, which may limit the bandwidth you can use.  At least with
the linecards we have in "our" MX480, we are limited to 65 Gbit/s for
such traffic.  Thus, we as a customer talk BGP with the ISP's core router
in their POP elsewhere in the city, not with the ISP's logical system
in the CPE router over a logical tunnel interface.  (We don't use
enough bandwidth for this to be a practical problem at the moment,
though.)

If you just want to separate configuration into related chunks, then
using groups might be a viable alternative to logical systems.  And
you don't need MX class hardware. :-)  I use that on the QFX5100:s I
have as core router/switches at my department.  Then I can use
'show configuration groups FOO' to see everything concerning FOO,
without having to wade through everything that concerns FIE or FUM.


-- 
Thomas Bellman,  National Supercomputer Centre,  Linköping Univ., Sweden
"Life IS pain, highness.  Anyone who tells   !  bellman @ nsc . liu . se
 differently is selling something."          !  Make Love -- Nicht Wahr!
