[j-nsp] Routing Engine Protection
Cristian Cardoso
cristian.cardoso11 at gmail.com
Thu Sep 17 14:40:36 EDT 2020
Hello
Rolf, I followed your suggestion and it worked as expected.
Thank you very much
Em qui., 17 de set. de 2020 às 14:24, Roger Wiklund
<roger.wiklund at gmail.com> escreveu:
>
> Hi
>
> Here's the general behaviour in Junos: (routing)
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB23547
>
> However, QFX5k is different:
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/bridging-vrf-qfx-series-cli.html
>
> Note: The QFX5100, QFX5110, and QFX5200 switches do not depend on the VRF match for loopback filters configured at different routing instances. Loopback filters per routing instance (such as lo0.100, lo0.103, lo0.105) are not supported and may cause unpredictable behavior. We recommend that you apply the loopback filter to the lo0.0 (master routing instance) only.
>
> Regards
> Roger
>
> On Thu, Sep 17, 2020 at 3:22 PM Cristian Cardoso <cristian.cardoso11 at gmail.com> wrote:
>>
>> Hi
>> I am trying to create a firewall filter to protect the routing engine
>> only in a routing-instance, and with that I apply the firewall filter
>> in the lo0.1 interface.
>> I noticed that when applying the filter that in theory should only
>> apply to the routing-instance, it also ends up dropping packets that
>> come to lo0.0, is Junos supposed to work that way?
>>
>> Best Regards
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list