[j-nsp] Routing Engine Protection
Roger Wiklund
roger.wiklund at gmail.com
Thu Sep 17 13:24:11 EDT 2020
Hi
Here's the general behaviour in Junos: (routing)
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547
<https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547>However,
QFX5k is different:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/bridging-vrf-qfx-series-cli.html
Note: The QFX5100, QFX5110, and QFX5200 switches do not depend on the VRF
match for loopback filters configured at different routing instances.
Loopback filters per routing instance (such as lo0.100, lo0.103, lo0.105)
are not supported and may cause unpredictable behavior. We recommend that
you apply the loopback filter to the lo0.0 (master routing instance) only.
Regards
Roger
On Thu, Sep 17, 2020 at 3:22 PM Cristian Cardoso <
cristian.cardoso11 at gmail.com> wrote:
> Hi
> I am trying to create a firewall filter to protect the routing engine
> only in a routing-instance, and with that I apply the firewall filter
> in the lo0.1 interface.
> I noticed that when applying the filter that in theory should only
> apply to the routing-instance, it also ends up dropping packets that
> come to lo0.0, is Junos supposed to work that way?
>
> Best Regards
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list