[j-nsp] Using a QFX5100 without QFabric?
Andrey Kostin
ankost at podolsk.ru
Fri Oct 27 16:50:01 EDT 2017
Chris Wopat wrote on 25.10.2017 13:00:
> On 10/24/2017 05:30 PM, Vincent Bernat wrote:
>> ❦ 24 October 2017 14:29 -0400, Andrey Kostin <ankost at podolsk.ru> :
>>
> Straight up saying "don't put public IPs on them" doesn't seem like
> the best advice to me. You can certainly do this, we do and it's
> fine.
> When you craft your RE protection filter you just have to squeeze a
> bit more space here or there compared to say, an MX filter. You should
> have this enabled whether you're using public IPs or not.
>
> Regarding TCAM programming, it's loud and clear when this happens via
> a console message and a sev0 syslog message.
Yes, that's true, and we spend a decent amount of time packing lo0
filters in a tiny TCAM after discovering that filter input-list silently
allows everything except the first filter and doesn't generate any
complaint.
So, no objection to public IPs, only careful filter planning is
required.
--
Kind regards,
Andrey