Re: [j-nsp] vpls question

2015-04-26 Thread Ben Dale
Hi James, On 27 Apr 2015, at 5:31 am, james list wrote: > Hi amarjeet > Because if PE1 fails there is faster convergence to PE2 due to neighbor > already established. > Is there a reason you wouldn't consider using an L3VPN instead of a VPLS? It seems odd to me that you would be using L3 adj

Re: [j-nsp] solution to a firewall question

2015-04-26 Thread Ben Dale
Hi Vijesh, On 24 Apr 2015, at 1:18 am, Vijesh Chandran wrote: > Hi all, > I am wondering if we have a solution to this issue. > I need two firewall attached to an interface as input-list. e.g.: f1 and f2. > Input-list [f1 f2] > f1 to match a condition (all tcp port 80) and accept and count

Re: [j-nsp] vpls question

2015-04-26 Thread james list
Hi amarjeet Because if PE1 fails there is faster convergence to PE2 due to neighbor already established. Cheers James Il 24/apr/2015 13:23, "james list" ha scritto: > I have a VPLS multi-homed environment with two MX routers (PE1 and PE2) > connected to a single ethernet switch (CE1). I have PE1

Re: [j-nsp] IPv6 RE protection

2015-04-26 Thread Saku Ytti
On (2015-04-27 02:40 +0800), Amarjeet Singh wrote: > Hello - Security is all or none thing, if something left open risk is > always there. I would describe it less as binary off/on and more as layers. Each layer adding budget requirements to the attacker, but also are increasingly OPEX/CAPEX heav

Re: [j-nsp] IPv6 RE protection

2015-04-26 Thread Amarjeet Singh
Hello - Security is all or none thing, if something left open risk is always there. You should apply IPv6 filters too. Juniper MX series book has very nice example for it, have a peek to it. Br, Amarjeet > > Message: 1 > Date: Sat, 25 Apr 2015 22:36:47 +0200 > From: Cydon Satyr > To: juniper-ns

Re: [j-nsp] IPv6 RE protection

2015-04-26 Thread Mark Tinka
On 26/Apr/15 11:32, Cydon Satyr wrote: > Thanks, I will check those out. > > Do you consider not having IPv6 filter on RE a big security issue? Do you > use it on your routers? Take IPv6 as seriously as you take IPv4 - is my M.O. Mark. ___ juniper-nsp

Re: [j-nsp] IPv6 RE protection

2015-04-26 Thread sthaug
> Do you consider not having IPv6 filter on RE a big security issue? Yes. > Do you use it on your routers? Yes. As an absolute minimum you want to protect against telnet/ssh login attempts towards the router interface addresses. But there's quite a bit more... Steinar Haug, Nethelp consulting,

Re: [j-nsp] IPv6 RE protection

2015-04-26 Thread Cydon Satyr
Thanks, I will check those out. Do you consider not having IPv6 filter on RE a big security issue? Do you use it on your routers? BR On Sun, Apr 26, 2015 at 4:49 AM, Michael Loftis wrote: > > > On Saturday, April 25, 2015, Cydon Satyr wrote: > >> Hello, >> Currently we don't use any IPv6 RE p