[j-nsp] Improving EBGP defaults: sideloading RFC 8212 on Junos

2017-09-24 Thread Job Snijders
Dear all,

Currently, out of the box, a device running Junos will accept any routes
and announce any routes on an EBGP session when no import or export policy
is defined for that neighbor. This oftentimes is not the appropriate behavior
in the context of Internet routing as it can easily result in full table
route leaks.

Adam Chappell created an interesting shim to improve the default behaviour
related to EBGP Internet routing on Juniper Junos via a commit script. You
can download the SLAX script here:
https://github.com/packetsource/rfc8212-junos

The commit script ensures an implicit “deny-any” policy is provisioned on
all EBGP sessions for either the import or export direction (or both) if
the respective import/export policies are absent. In other words: if you
forget to configure an export policy statement, the commit script ensures a
deny-any export statement is put in place. This protects both yourself and
your neighbor!

Props to both Adam for creating the script and to Juniper for allowing such
permissionless patching! This is cool!

Some background info on RFC 8212 can be found here:
https://medium.com/@jobsnijders/heads-up-rfc-8212-on-default-ebgp-route-handling-behavior-6146931f0fa3


Kind regards,

Job
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
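
The check described in the message above, as an added example that is not part of the original post and is not Adam Chappell's SLAX script: this Python audits a configuration in `display set` form and reports which EBGP sessions have no import or export policy at any level. It assumes only groups marked `type external` in the main routing instance are EBGP, and that a policy set at the neighbor, group or global `protocols bgp` level counts as present; the sample configuration and the function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
set protocols bgp group TRANSIT type external
set protocols bgp group TRANSIT import TRANSIT-IN
set protocols bgp group TRANSIT neighbor 192.0.2.1 peer-as 64500
set protocols bgp group TRANSIT neighbor 192.0.2.5 peer-as 64501
set protocols bgp group TRANSIT neighbor 192.0.2.5 export CUSTOMER-ROUTES
set protocols bgp group PEERS type external
set protocols bgp group PEERS neighbor 198.51.100.1 peer-as 64510
set protocols bgp group IBGP type internal
set protocols bgp group IBGP neighbor 203.0.113.1
"""

def audit_ebgp_policies(config_text):
    """Return {(group, neighbor): [missing directions]} for EBGP sessions."""
    configured = defaultdict(set)   # (group, neighbor) level -> directions set there
    external, sessions = set(), []
    for line in config_text.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "protocols", "bgp"]:
            continue
        tok, group, neighbor = tok[3:], None, None
        if tok[:1] == ["group"] and len(tok) >= 2:
            group, tok = tok[1], tok[2:]
        if tok[:1] == ["neighbor"] and len(tok) >= 2:
            neighbor, tok = tok[1], tok[2:]
            if (group, neighbor) not in sessions:
                sessions.append((group, neighbor))
        if tok[:2] == ["type", "external"] and neighbor is None:
            external.add(group)
        elif tok and tok[0] in ("import", "export"):
            configured[(group, neighbor)].add(tok[0])
    findings = {}
    for group, neighbor in sessions:
        if group not in external:
            continue  # the RFC 8212 default only concerns EBGP sessions
        # A policy at any of the three levels means the direction is covered.
        present = (configured[(None, None)] | configured[(group, None)]
                   | configured[(group, neighbor)])
        missing = sorted({"import", "export"} - present)
        if missing:
            findings[(group, neighbor)] = missing
    return findings

if __name__ == "__main__":
    for (group, neighbor), missing in audit_ebgp_policies(SAMPLE_CONFIG).items():
        print(f"{group} {neighbor}: no {'/'.join(missing)} policy")
```

Sessions reported here are the ones for which the commit script would provision the deny-any policy in the missing direction.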

[j-nsp] Inline J-Flow on MX104

2017-09-24 Thread Vincent Bernat
Hello,

I am trying to understand the impact of enabling inline J-Flow on the
MX104. There are various reports this could impact performance
negatively.

My oldest chassis are running 13.3R8. The release notes say about known
issues:

 - Performance degradation of 8 percent is observed on the maximum
   packet per second supported of J-Flow records exported. PR949965
 - Performance degradation of 8 percent is observed on the maximum
   packet per second supported of J-Flow records exported. PR950101

I don't have access to those PRs. It is unclear to me if the performance
degradation is on the total bandwidth of the chassis or if there is an 8%
slowdown on latency.

There are various reports saying this feature will also impact BGP
convergence times (which are already not great, notably on 13.3):

 http://seclists.org/nanog/2016/Mar/303
 https://lists.gt.net/nsp/juniper/53823#53823

They mention PR836197 which is marked resolved in 13.2R1. Can I then
expect J-Flow to not have a negative impact on 13.3R8? Or are there any
known issues solved in more recent versions?

Thanks!
-- 
Use variable names that mean something.
- The Elements of Programming Style (Kernighan & Plauger)