[j-nsp] QFX5100 ACLs
adamv0025 at netconsultings.com
adamv0025 at netconsultings.com
Tue Dec 12 04:12:54 EST 2017
Good point actually, and there's the fact that one can't block the protocol if not used.
So I guess one has to burry these in the core and rely on flawless iACLs
adam
netconsultings.com
::carrier-class solutions for the telecommunications industry::
> -----Original Message-----
> From: Saku Ytti [mailto:saku at ytti.fi]
> Sent: Tuesday, December 12, 2017 9:08 AM
> To: adamv0025 at netconsultings.com
> Cc: Brendan Mannella; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] QFX5100 ACLs
>
> Policer on term which does not discriminate good and bad only gives attacker
> an leverage by reducing the pps/bps demand to congest the good?
>
>
> On 12 December 2017 at 10:21, <adamv0025 at netconsultings.com> wrote:
> >> Of Saku Ytti
> >> Sent: Monday, December 11, 2017 2:46 PM
> >>
> >> Someone pointed this to me -
> >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145
> >>
> > Are there any "sensible" policers defined for these "70 such hardware
> > filters, which target different protocols"?
> >
> > adam
> >
> > netconsultings.com
> > ::carrier-class solutions for the telecommunications industry::
> >
>
>
>
> --
> ++ytti
More information about the juniper-nsp
mailing list