[j-nsp] Going Juniper

Ross Halliday ross.halliday at wtccommunications.ca
Tue Apr 17 22:13:36 EDT 2018


Indeed, I remember our discussions on the topic before! I still haven't made much headway. It's worth pointing out, though, that the "not configured" state can pop up when you least expect it, such as an aggregate filtering action applied after a broadcast storm (which you THOUGHT you fixed, but for some reason a bunch of stuff doesn't work still and you can't get into the box and aren't sure why). Good to watch out for since a network where unexpected things don't happen isn't connected to anything and certainly doesn't have any administrators ;)

 - Ross

-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net] 
Sent: Tuesday, April 17, 2018 7:39 PM
To: Saku Ytti
Cc: Ross Halliday; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Going Juniper



> On Apr 17, 2018, at 7:02 PM, Saku Ytti <saku at ytti.fi> wrote:
> 
> 
> DDoS protection out-of-the-box is for all practical purposes not
> configured at all, which is unfortunate as that is what most people
> run. When configured correctly Trio has best CoPP I know of in the
> market, certainly better than Cisco or Arista have.

I do wish that Juniper would look at what IOS-XR has done to make
configuring it much easier out of the box.  An ASR 9K w/ default LPTS
is much nicer than a Juniper with default firewall filters.

- Jared


More information about the juniper-nsp mailing list