On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
> Actually I think I'm confused. I think it will just work. Because even
> as the EgressPE does IP lookup due to table-label, the IP lookup still
> points to egressMAC, instead looping back, because it's doing it in
> the CleanVRF.
> So I think it jus
On 4/3/24 08:45, Saku Ytti wrote:
Actually I think I'm confused. I think it will just work. Because even
as the EgressPE does IP lookup due to table-label, the IP lookup still
points to egressMAC, instead looping back, because it's doing it in
the CleanVRF.
So I think it just works.
So OP ju
On Wed, 3 Apr 2024 at 09:37, Mark Tinka via juniper-nsp
wrote:
> At old job, we managed to do this with a virtual-router VRF that carried
> traffic between the scrubbing PE and the egress PE via MPLS, to avoid
> the IP loop.
Actually I think I'm confused. I think it will just work. Because even
On 4/3/24 08:07, Saku Ytti via juniper-nsp wrote:
If I understand you correctly, the problem is not that you can't copy
direct into CleanVRF, the problem is that ScrubberPE that does clean
lookup in in CleanVRF, has label stack of [EgressPE TableLabel],
instead of [EgressPE EgressCE], this ca
On Tue, 2 Apr 2024 at 18:25, Michael Hare via juniper-nsp
wrote:
> We're a US research and education ISP and we've been tasked for coming up
> with an architecture to allow on premise DDoS scrubbing with an appliance.
> As a first pass I've created an cleanL3VPN routing-instance to function a
Barry,
Thanks for the link. I had to laugh at this: 'you are tired of arguing with
your network architecture team (“we are here to transport packets” vs “the
Internet firewall” ;-)'. 20 years later, that still rings awfully true for me.
This diagram accurately displays how I've built a dirty
On Tue, Apr 02, 2024 at 07:43:01PM +0300, Alexandre Snarskii via juniper-nsp
wrote:
> On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote:
>
> Hi!
>
> Workaround that we're using (not elegant, but working): setup a
> "self-pointing" routes to directly connected destinat
On Tue, Apr 02, 2024 at 03:25:21PM +, Michael Hare via juniper-nsp wrote:
Hi!
Workaround that we're using (not elegant, but working): setup a
"self-pointing" routes to directly connected destinations:
set routing-options static route A.B.C.D/32 next-hop A.B.C.D
and export these to cleanL3V
Hi there,
We're a US research and education ISP and we've been tasked for coming up with
an architecture to allow on premise DDoS scrubbing with an appliance. As a
first pass I've created an cleanL3VPN routing-instance to function as a clean
VRF that uses rib-groups to mirror the relevant par
9 matches
Mail list logo