[j-nsp] GRE tunnels on a QFX10002-60C

[Saku Ytti]

On Fri, 24 Jun 2022 at 10:54, Mark Tinka via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:> After failing to get Netscout to
natively support IS-IS, we came up with

> a rather convoluted - but elegant - way to transport on-ramp/off-ramp
> traffic into and out of our scrubbers.
>
> Basically, we use lt-* (logical tunnel) interfaces that sit both in the
> global table and a VRF. We loop them to each other, and use IS-IS + BGP
> + LDP to tunnel traffic natively using MPLS-based LSP's signaled by LDP
> (as opposed to GRE), so that traffic an always follow the best IS-IS +
> iBGP path, without the hassle of needing to run GRE between routers and
> scrubbers.

Many ways to skin the cat. If you can dedicate small router to the
scrubber (or routing-instance if you can't) and you run BGP-LU, so you
avoid useless egress IP lookup, you just ensure that the scrubber PE
or scrubber instance doesn't have the more specific routes, then it'll
follow the BGP-LU path to egress CE.
You can scrub any and all prefixes, without any scale implications as
you never need to touch the network to handle clean traffic.

-- 
  ++ytti