Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
Thanks Apurva for your information.
From: apurva modh
To: Md. Jahangir Hossain
Cc: "juniper-nsp@puck.nether.net"
Sent: Thursday, August 23, 2012 11:08 AM
Subject: Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
All the Routing engine bound traffic into Juniper is handled through the
loopback interface. So if you apply the input direction filter on the loopback
interface, it would simulate the exact behavior of the control plane filter of
cisco. You dont need to apply "protect routing-engine" filter to physical
interfaces.
Hope this solves your query.
Regards,
On Thu, Aug 23, 2012 at 9:05 AM, Md. Jahangir Hossain
wrote:
Dear all friend:
>
>Wishes all are fine.
>
>I quit new in juniper OS platform . i need some information about juniper
>Control Plan Policy (CoPP). i read the RFC 6192 of Protect Router Control
>Plane which is:
>
>
>http://tools.ietf.org/html/rfc6192#appendix-A.2
>
>
>
>After reading the RFC 6192 i have a little query as like,In cisco router we
>put input policy on control plan.
>
>as like;
>
>control-plane service-policy input COPPBut in Juniper router we put input
>policy into loopback interface according to this RFC .
>
>Here this is:
>
>interfaces { lo0 { unit 0 { family inet { filter input
>protect-router-control-plane; }Based on my question is, how
>juniper router loopback interface control all router control plan ? or i need
>to put this input filter policy individually on different
>interfaces as like:
>
>
>interfaces{ em0 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>
>interfaces { em1 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>it would be nice for me can anyone please confirm me about this configuration .
>
>
>
>
>
>
>
>
>Thanks
>Jahangir Hossain
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
Thanks Doug for your information.
- Original Message -
From: Doug Hanks
To: Md. Jahangir Hossain ; "juniper-nsp@puck.nether.net"
Cc:
Sent: Thursday, August 23, 2012 12:02 PM
Subject: Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
This should walk you through most of your questions:
http://www.juniper.net/us/en/community/junos/training-certification/day-one
/fundamentals-series/securing-routing-engine/
Doug
On 8/22/12 8:35 PM, "Md. Jahangir Hossain" wrote:
>Dear all friend:
>
>Wishes all are fine.
>
>I quit new in juniper OS platform . i need some information about juniper
>Control Plan Policy (CoPP). i read the RFC 6192 of Protect Router
>Control Plane which is:
>
>
>http://tools.ietf.org/html/rfc6192#appendix-A.2
>
>
>
>After reading the RFC 6192 i have a little query as like,In cisco router
>we put input policy on control plan.
>
>as like;
>
>control-plane service-policy input COPPBut in Juniper router we put input
>policy into loopback interface according to this RFC .
>
>Here this is:
>
>interfaces { lo0 { unit 0 { family inet { filter input
>protect-router-control-plane; }Based on my question is, how
>juniper router loopback interface control all router control plan ? or i
>need to put this input filter policy individually on different
>interfaces as like:
>
>
>interfaces{ em0 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>
>interfaces { em1 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>it would be nice for me can anyone please confirm me about this
>configuration .
>
>
>
>
>
>
>
>
>Thanks
>Jahangir Hossain
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
This should walk you through most of your questions:
http://www.juniper.net/us/en/community/junos/training-certification/day-one
/fundamentals-series/securing-routing-engine/
Doug
On 8/22/12 8:35 PM, "Md. Jahangir Hossain" wrote:
>Dear all friend:
>
>Wishes all are fine.
>
>I quit new in juniper OS platform . i need some information about juniper
>Control Plan Policy (CoPP). i read the RFC 6192 of Protect Router
>Control Plane which is:
>
>
>http://tools.ietf.org/html/rfc6192#appendix-A.2
>
>
>
>After reading the RFC 6192 i have a little query as like,In cisco router
>we put input policy on control plan.
>
>as like;
>
>control-plane service-policy input COPPBut in Juniper router we put input
>policy into loopback interface according to this RFC .
>
>Here this is:
>
>interfaces { lo0 { unit 0 { family inet { filter input
>protect-router-control-plane; }Based on my question is, how
>juniper router loopback interface control all router control plan ? or i
>need to put this input filter policy individually on different
>interfaces as like:
>
>
>interfaces{ em0 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>
>interfaces { em1 { unit 0 { family inet { filter input
>protect-router-control-plane; }
>it would be nice for me can anyone please confirm me about this
>configuration .
>
>
>
>
>
>
>
>
>Thanks
>Jahangir Hossain
>___
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] About Juniper Control Plan Policy (CoPP)
All the Routing engine bound traffic into Juniper is handled through the
loopback interface. So if you apply the input direction filter on the
loopback interface, it would simulate the exact behavior of the control
plane filter of cisco. You dont need to apply "protect routing-engine"
filter to physical interfaces.
Hope this solves your query.
Regards,
On Thu, Aug 23, 2012 at 9:05 AM, Md. Jahangir Hossain
wrote:
> Dear all friend:
>
> Wishes all are fine.
>
> I quit new in juniper OS platform . i need some information about juniper
> Control Plan Policy (CoPP). i read the RFC 6192 of Protect Router Control
> Plane which is:
>
>
> http://tools.ietf.org/html/rfc6192#appendix-A.2
>
>
>
> After reading the RFC 6192 i have a little query as like,In cisco router
> we put input policy on control plan.
>
> as like;
>
> control-plane service-policy input COPPBut in Juniper router we put input
> policy into loopback interface according to this RFC .
>
> Here this is:
>
> interfaces { lo0 { unit 0 { family inet { filter input
> protect-router-control-plane; }Based on my question is, how
> juniper router loopback interface control all router control plan ? or i
> need to put this input filter policy individually on different
> interfaces as like:
>
>
> interfaces{ em0 { unit 0 { family inet { filter input
> protect-router-control-plane; }
>
> interfaces { em1 { unit 0 { family inet { filter input
> protect-router-control-plane; }
> it would be nice for me can anyone please confirm me about this
> configuration .
>
>
>
>
>
>
>
>
> Thanks
> Jahangir Hossain
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] About Juniper Control Plan Policy (CoPP)
Dear all friend:
Wishes all are fine.
I quit new in juniper OS platform . i need some information about juniper
Control Plan Policy (CoPP). i read the RFC 6192 of Protect Router Control
Plane which is:
http://tools.ietf.org/html/rfc6192#appendix-A.2
After reading the RFC 6192 i have a little query as like,In cisco router we
put input policy on control plan.
as like;
control-plane service-policy input COPPBut in Juniper router we put input
policy into loopback interface according to this RFC .
Here this is:
interfaces { lo0 { unit 0 { family inet { filter input
protect-router-control-plane; }Based on my question is, how
juniper router loopback interface control all router control plan ? or i need
to put this input filter policy individually on different
interfaces as like:
interfaces{ em0 { unit 0 { family inet { filter input
protect-router-control-plane; }
interfaces { em1 { unit 0 { family inet { filter input
protect-router-control-plane; }
it would be nice for me can anyone please confirm me about this configuration .
Thanks
Jahangir Hossain
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
