[j-nsp] Routing Engine Protection

Roger Wiklund roger.wiklund at gmail.com
Thu Sep 17 13:24:11 EDT 2020


Hi

Here's the general behaviour in Junos: (routing)
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547

<https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547>However,
QFX5k is different:
https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/bridging-vrf-qfx-series-cli.html

Note: The QFX5100, QFX5110, and QFX5200 switches do not depend on the VRF
match for loopback filters configured at different routing instances.
Loopback filters per routing instance (such as lo0.100, lo0.103, lo0.105)
are not supported and may cause unpredictable behavior. We recommend that
you apply the loopback filter to the lo0.0 (master routing instance) only.

Regards
Roger

On Thu, Sep 17, 2020 at 3:22 PM Cristian Cardoso <
cristian.cardoso11 at gmail.com> wrote:

> Hi
> I am trying to create a firewall filter to protect the routing engine
> only in a routing-instance, and with that I apply the firewall filter
> in the lo0.1 interface.
> I noticed that when applying the filter that in theory should only
> apply to the routing-instance, it also ends up dropping packets that
> come to lo0.0, is Junos supposed to work that way?
>
> Best Regards
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list