[j-nsp] Junos EVO RE Filters
Jason Iannone
jason.iannone at gmail.com
Tue Jun 18 12:55:21 EDT 2024
Can always count on you. Thanks.
On Tue, Jun 18, 2024 at 12:20 PM Saku Ytti <saku at ytti.fi> wrote:
> On Tue, 18 Jun 2024 at 18:56, Jason Iannone via juniper-nsp
> <juniper-nsp at puck.nether.net> wrote:
>
> > I suppose the root question is do I have to apply a management filter on
> my
> > transit interfaces for in-band management traffic? Does ACX have a new
> (not
> > fxp1) relationship between the RE and the external re0:mgmt-0/em0/fxp0 in
> > the management interface in the ACX?
>
> No. Lo filter applies to traffic ingressing from revenue/NPU ports,
> but unlike Junos classic, Lo filter does not apply to traffic
> ingressing from MGMT ETH.
>
> I wouldn't worry much about this. The MGMT filters have always been
> software, for obvious reasons, and are not very useful. Don't use the
> MGMT ETH. If you must, just make it clean on the other side, by not
> accepting trash in from any client side.
>
> If you must use MGMT ETH, keep asking your vendors for true lights out
> ethernet, with its own CPU, DRAM and storage.
>
>
> --
> ++ytti
>
More information about the juniper-nsp
mailing list