[j-nsp] Hyper Mode on MX
Saku Ytti
saku at ytti.fi
Sun Mar 10 11:45:03 EDT 2019
Hey Michael,
> After going back to review what I actually did vs what I thought I did when enabling hyper-mode, I very much got it backwards re icmp redirects. You have to allow redirects to be sent to use hyper-mode. That's a step backwards and a calculated risk to take. I disallow ICMP redirects via firewall filter.
>
> I'm academically curious why this is a requirement (allow icmp redirects to be sent) of hyper-mode.
I think it is just a config parsing problem. By manually disabling icmp
redirects, the parser reads this as 'you are using redirects, this is
incompatible with hyper-mode'.

I don't think you need the FW filter, as hyper-mode does not support
redirects (now, it will later), they are just a no-op. But doesn't hurt
either.
--
++ytti