Does anybody know how lo0.0 filter affects to other loopbacks and
routing instances. To be more clear, i have lo0.0 as loopback for MPLS
and internal MBGP, and routing instance with lo0.1 where internet lives.
Also i have lo0.2 for NGN BGP MVPN for PIM.
Should I write filters specific for each
On (2014-01-31 17:51 +0200), Mark Tinka wrote:
> > traceroute.
>
> I open up and limit Traceroute to udp/33434-33523. Haven't
> had any issues thus far.
33434-33534 here, also no complains from customers.
And I fully agree BCP is to allow what you must, drop rest.
Things which you can police
Thanks a lot, Saku.
2014-01-31 Saku Ytti :
> On (2014-01-31 11:02 +0200), Alexander Kasatkin wrote:
>
>> But I don't have any reject action in firewall rules. Please point me
>> to right direction.
>
> This would be any packet which has DADDR pointing to FIB entry with type
> 'reject'.
> In more p
On Friday, January 31, 2014 05:22:39 PM joel jaeggli wrote:
> traceroute.
I open up and limit Traceroute to udp/33434-33523. Haven't
had any issues thus far.
Mark.
signature.asc
Description: This is a digitally signed message part.
___
juniper-nsp m
Depending on your purpose and whether this is a one-off or a
continuing need, JUNOS has a number of tools to help you.
For a simple command, others have already pointed out that
you can pipe commands to ssh. You can also use a command
line to give multiple commands:
ssh my-router "configure;
On 1/31/14, 7:08 AM, Chuck Anderson wrote:
> On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote:
>> http://tools.ietf.org/search/rfc6192
>>
>> has an excellent example recipie for juniper and cisco control-plane
>> protection.
>>
>> it's a good starting off point and it covers the rationa
On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote:
> http://tools.ietf.org/search/rfc6192
>
> has an excellent example recipie for juniper and cisco control-plane
> protection.
>
> it's a good starting off point and it covers the rational behind the
> various elements in detail.
"o
On (2014-01-31 11:02 +0200), Alexander Kasatkin wrote:
> But I don't have any reject action in firewall rules. Please point me
> to right direction.
This would be any packet which has DADDR pointing to FIB entry with type
'reject'.
In more practical terms, destination to which you don't have rout
Hello community,
I've strange behavior of my MX80 (junos version 11.4R8.4) under ddos
attacks. Router drops all bgp sessions (hold timer expiry) with a
3-5gbps ddos. Can someone explain me what a hardware input drops is:
snoop@mx80> show pfe statistics traffic
Packet Forwarding Engine traffic s
Thank You very much,
I've also googled these, look very useful:
http://www.juniper.net/us/en/community/junos/training-certification/day-one/fundamentals-series/securing-routing-engine/
http://cyruslab.net/2012/12/16/juniper-networks-default-configuration-hardening/
http://forums.juniper.net/t5
10 matches
Mail list logo