I highly recommend to not use VCF for any L3/MPLS/etc.
We had a year-long battle with it. And it won.
Now that we're back into MPLS territory they're working fine as
hell. And it will only cost us some training for the juniors.
------
But I can confirm that the input-list works with a non-VCF setup,
using the entire MPLS Alphabet stack (IS-IS and OSPF based)
-----
Alain Hebert aheb...@pubnix.net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 12/11/17 09:45, Saku Ytti wrote:
Someone pointed this to me -
https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145
Not good.
On 4 December 2017 at 18:02, Brendan Mannella <bmanne...@teraswitch.com> wrote:
Hello,
So I have been testing the QFX5100 product for use as a core L3 switch/router
with BGP/OSPF. I have my standard RE filter blocking various things,
including BGP from any unknown peer. I started to receive errors in my logs
showing BGP packets getting through from hosts that weren't allowed. After
digging around I found that Juniper apparently has a built-in ACL to allow
BGP, which bypasses my ACLs, probably for VCF or something. Is there any
way to disable this behavior, or does anyone have any other suggestions?
root@XXX% cprod -A fpc0 -c "show filter hw dynamic 47 show_terms"
Filter name : dyn-bgp-pkts
Filter enum : 47
Filter location : IFP
List of tcam entries : [(total entries: 2)
Entry: 37
- Unit 0
- Entry Priority 0x7FFFFFFC
- Matches:
PBMP 0x00000001fffffffffffffffc
PBMP xe
L4 SRC Port 0x000000B3 mask 0x0000FFFF
IP Protocol 0x00000006 mask 0x000000FF
L3DestHostHit 1 1
- Actions:
ChangeCpuQ
ColorIndependent param1: 1, param2: 0
CosQCpuNew cosq: 30
Implicit Counter
Entry: 38
- Unit 0
- Entry Priority 0x7FFFFFFC
- Matches:
PBMP 0x00000001fffffffffffffffc
PBMP xe
L4 DST Port 0x000000B3 mask 0x0000FFFF
IP Protocol 0x00000006 mask 0x000000FF
L3DestHostHit 1 1
- Actions:
ChangeCpuQ
ColorIndependent param1: 1, param2: 0
CosQCpuNew cosq: 30
Implicit Counter
]
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
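A small parser for the "show filter hw dynamic ... show_terms" output quoted in Brendan's message, added here as an example and not part of the original thread. It decodes the hex value/mask pairs so the two dyn-bgp-pkts terms read as TCP source or destination port 179 sent to CPU queue 30; the sample text is constructed from the quoted dump, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the dump quoted in the thread.
ENTRY = """Entry: 37
- Unit 0
- Entry Priority 0x7FFFFFFC
- Matches:
L4 SRC Port 0x000000B3 mask 0x0000FFFF
IP Protocol 0x00000006 mask 0x000000FF
L3DestHostHit 1 1
- Actions:
ChangeCpuQ
CosQCpuNew cosq: 30
"""
SAMPLE = ENTRY + ENTRY.replace("Entry: 37", "Entry: 38").replace("SRC", "DST")

MASKED = re.compile(r"^(.+?)\s+0x([0-9A-Fa-f]+)\s+mask\s+0x([0-9A-Fa-f]+)$")
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_entries(text):
    """Split the dump into entries; decode 'value mask' qualifiers to integers."""
    entries, cur, section = [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Entry:"):
            cur = {"id": int(line.split(":")[1]), "match": {}, "cpu_queue": None}
            entries.append(cur)
            section = None
        elif cur is None or not line:
            continue
        elif line.startswith("- "):
            section = line[2:].rstrip(":").split()[0].lower()  # unit/entry/matches/actions
        elif section == "matches":
            m = MASKED.match(line)
            if m:  # keep only the bits the mask selects
                cur["match"][m.group(1)] = int(m.group(2), 16) & int(m.group(3), 16)
            else:  # qualifier without a hex value/mask pair, e.g. "L3DestHostHit 1 1"
                cur["match"][line.split()[0]] = line
        elif section == "actions" and line.startswith("CosQCpuNew"):
            cur["cpu_queue"] = int(line.rsplit(":", 1)[1])
    return entries

def summarize(entry):
    """Render the decoded match as a readable rule string."""
    m = entry["match"]
    proto = PROTO.get(m.get("IP Protocol"), str(m.get("IP Protocol")))
    ports = [f"{k.split()[1].lower()}-port {v}" for k, v in m.items() if k.startswith("L4 ")]
    return f"{proto} {' '.join(ports)} -> CPU queue {entry['cpu_queue']}"

if __name__ == "__main__":
    print(*(f"{e['id']}: {summarize(e)}" for e in parse_entries(SAMPLE)), sep="\n")
```

The keys of each entry's "match" dict are the qualifier names the term lists, which shows at a glance what a term does and does not match on.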