[j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

Tom Beecher beecher at beecher.cc
Wed Apr 3 12:06:07 EDT 2024


>
> but a BGP-LU solution exists even for this problem.
>

My first thought was also to use BGP-LU.

On Wed, Apr 3, 2024 at 2:58 AM Saku Ytti via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

> On Wed, 3 Apr 2024 at 09:45, Saku Ytti <saku at ytti.fi> wrote:
>
> > Actually I think I'm confused. I think it will just work. Because even
> > as the EgressPE does IP lookup due to table-label, the IP lookup still
> > points to egressMAC, instead of looping back, because it's doing it in
> > the CleanVRF.
> > So I think it just works.
>
> > routing-options {
> >   interface-routes {
> >     rib-groups {
> >       cleanVRF {
> >         import-rib [ inet.0 cleanVRF.inet.0 ];
> >         import-policy cleanVRF:EXPORT;
> >  }}}}
>
> This isn't exactly correct. You need to put the cleanVRF in
> interface-routes and close it.
>
> Anyhow I'm 90% sure this will just work and pretty sure I've done it.
> The confusion I had was about the scrubbing route that on the
> clean-side is already host/32. For this, I can't figure out a cleanVRF
> solution, but a BGP-LU solution exists even for this problem.
>
>
> --
>   ++ytti

