ACK. Which is common in the industry, lot, probably most boxes are not edge L3 compatible. Inclusive all the BRCM super cost-effective 10/100GE boxes.
We don't even have to think about malicious users, what happens when my BGP customer has L2 loop? Entirely reasonable to think they'll inject 1.48Mpps of BGP to me. Heck, I've created L2 loop or two accidentally. On 12 December 2017 at 11:12, <adamv0...@netconsultings.com> wrote: > Good point actually, and there's the fact that one can't block the protocol > if not used. > So I guess one has to burry these in the core and rely on flawless iACLs > > adam > > netconsultings.com > ::carrier-class solutions for the telecommunications industry:: > >> -----Original Message----- >> From: Saku Ytti [mailto:s...@ytti.fi] >> Sent: Tuesday, December 12, 2017 9:08 AM >> To: adamv0...@netconsultings.com >> Cc: Brendan Mannella; juniper-nsp@puck.nether.net >> Subject: Re: [j-nsp] QFX5100 ACLs >> >> Policer on term which does not discriminate good and bad only gives attacker >> an leverage by reducing the pps/bps demand to congest the good? >> >> >> On 12 December 2017 at 10:21, <adamv0...@netconsultings.com> wrote: >> >> Of Saku Ytti >> >> Sent: Monday, December 11, 2017 2:46 PM >> >> >> >> Someone pointed this to me - >> >> https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145 >> >> >> > Are there any "sensible" policers defined for these "70 such hardware >> > filters, which target different protocols"? >> > >> > adam >> > >> > netconsultings.com >> > ::carrier-class solutions for the telecommunications industry:: >> > >> >> >> >> -- >> ++ytti > -- ++ytti _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
