On 29 March 2016 at 05:35, Mark Tees <markt...@gmail.com> wrote: > I like the separated edge functionality and a BGP free core is what we > are aiming for.
If you have sufficient organic edge density for 2 or more devices or if the CAPEX of edge is almost irrelevant to the TCO it is probably easy to justify separate edge with just BGP UPDATE argument. It has happened before several times and no reason to suspect it won't happen in future that weird BGP UPDATE from Internet will crash your rpd. Justifying separate core, or using overlay core, imho is harder. I would definitely use converged core if BGP-free core is an option. > Will definitely at bare minimum have separate RR's be it VPNv4 or plain inet. ACK. If you're just now buying, do me a favour and use your buying as leverage to get TCP-AO + BGP allow working :). I'd love to run RR's with 'BGP allow <loops_cidr> but I'd also want TCP-AO security until MacSec is universally available. Today in JunOS TCP-AO and BGP-allow are mutually exclusive and I value 'BGP allow' more, because it removes the need for touching RR boxes during removal/adding PE boxes. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp