Good point actually, and there's the fact that one can't block the protocol if not used. So I guess one has to burry these in the core and rely on flawless iACLs
adam netconsultings.com ::carrier-class solutions for the telecommunications industry:: > -----Original Message----- > From: Saku Ytti [mailto:s...@ytti.fi] > Sent: Tuesday, December 12, 2017 9:08 AM > To: adamv0...@netconsultings.com > Cc: Brendan Mannella; juniper-nsp@puck.nether.net > Subject: Re: [j-nsp] QFX5100 ACLs > > Policer on term which does not discriminate good and bad only gives attacker > an leverage by reducing the pps/bps demand to congest the good? > > > On 12 December 2017 at 10:21, <adamv0...@netconsultings.com> wrote: > >> Of Saku Ytti > >> Sent: Monday, December 11, 2017 2:46 PM > >> > >> Someone pointed this to me - > >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145 > >> > > Are there any "sensible" policers defined for these "70 such hardware > > filters, which target different protocols"? > > > > adam > > > > netconsultings.com > > ::carrier-class solutions for the telecommunications industry:: > > > > > > -- > ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp