On 5 May 2017 at 10:40, "Rolf Hanßen" <n...@rhanssen.de> wrote: > I was wondering if there is maybe even a way to combine that with BGP > advertisement. > I.e. send a route via bgp that is not installed to the fib but referenced > in the filter. > Any idea if that is possible?
Flowspec can do this. But do you really have scrubber attached to each device, or are you willing to do hop-by-hop filtering to get packet where you want it to go? Or is the next-hop labeled and enters LSP towards the next-hop? With LSP I could buy-in to the solution. It seems very NIH solution, when L3 MPLS VPN exists and is very clean and easy to understand solution. And L3 MPLS VPN will easily allow you to have multiple scrubbers and route packets to closest one. And as you add more services, adding new VPNs for each service is very low effort, as BGP already exists, you just need to add the new instance. I think you need to have really strong justification to do anything else but VRF. Your current justification 'sounds far easier to me', is insufficient. -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
