[j-nsp] Junos EVO RE Filters
Saku Ytti
saku at ytti.fi
Tue Jun 18 12:20:12 EDT 2024
On Tue, 18 Jun 2024 at 18:56, Jason Iannone via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:
> I suppose the root question is do I have to apply a management filter on my
> transit interfaces for in-band management traffic? Does ACX have a new (not
> fxp1) relationship between the RE and the external re0:mgmt-0/em0/fxp0 in
> the management interface in the ACX?
No. Lo filter applies to traffic ingressing from revenue/NPU ports,
but unlike Junos classic, Lo filter does not apply to traffic
ingressing from MGMT ETH.
I wouldn't worry much about this. The MGMT filters have always been
software, for obvious reasons, and are not very useful. Don't use the
MGMT ETH. If you must, just make it clean on the other side, by not
accepting trash in from any client side.
If you must use MGMT ETH, keep asking your vendors for true lights out
ethernet, with its own CPU, DRAM and storage.
--
++ytti
More information about the juniper-nsp
mailing list