Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Mark Tinka via juniper-nsp
On 4/3/24 18:06, Tom Beecher wrote:
> My first thought was also to use BGP-LU.

Would a virtual router with an lt- interface connecting the VRF to the global table be too expensive?

Mark.

___
juniper-nsp mailing list
juniper-nsp@puck.nether.net

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Tom Beecher via juniper-nsp
> > but a BGP-LU solution exists even for this problem.
>
My first thought was also to use BGP-LU.

On Wed, Apr 3, 2024 at 2:58 AM Saku Ytti via juniper-nsp <juniper-nsp@puck.nether.net> wrote:
> On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
>
> > Actually I think I'm confused. I think it will

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Saku Ytti via juniper-nsp
This might be grounds for a feature request to Juniper, if there isn't already some magic toggle to MakeItGo. But yeah, the forwarding-table looks suspect, as if it'll do table lookup, and then will fail to discover the more-specific host-route, and discard, as the ARP entries are not copied. And

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Michael Hare via juniper-nsp
Saku, Mark- Thanks for the responses. Unless I'm mistaken, short of specifying a selective import policy, I think I'm already doing what Saku suggests, see relevant config snippet below. Our clean VRF is L3VPN-4205. But after I saw the lack of mac based next hops I started searching to see

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Saku Ytti via juniper-nsp
On Wed, 3 Apr 2024 at 09:45, Saku Ytti wrote:
> Actually I think I'm confused. I think it will just work. Because even
> as the EgressPE does IP lookup due to table-label, the IP lookup still
> points to egressMAC, instead looping back, because it's doing it in
> the CleanVRF.
> So I think it

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Mark Tinka via juniper-nsp
On 4/3/24 08:45, Saku Ytti wrote:
> Actually I think I'm confused. I think it will just work. Because even as the EgressPE does IP lookup due to table-label, the IP lookup still points to egressMAC, instead looping back, because it's doing it in the CleanVRF. So I think it just works.

So OP

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Saku Ytti via juniper-nsp
On Wed, 3 Apr 2024 at 09:37, Mark Tinka via juniper-nsp wrote:
> At old job, we managed to do this with a virtual-router VRF that carried
> traffic between the scrubbing PE and the egress PE via MPLS, to avoid
> the IP loop.

Actually I think I'm confused. I think it will just work. Because even

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Mark Tinka via juniper-nsp
On 4/3/24 08:07, Saku Ytti via juniper-nsp wrote:
> If I understand you correctly, the problem is not that you can't copy direct into CleanVRF, the problem is that ScrubberPE that does clean lookup in CleanVRF, has label stack of [EgressPE TableLabel], instead of [EgressPE EgressCE], this
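The table-label versus per-next-hop label distinction that Saku describes above, shown as a Junos configuration sketch. This is an added example and not configuration posted by anyone in the thread: the instance name L3VPN-4205 is the one Michael mentions as the clean VRF, while the interface name, route-distinguisher, route-target, prefix and neighbor address are assumed placeholder values.

```junos
## Clean VRF on the egress PE WITH vrf-table-label (assumed values).
## The PE advertises a single label for the whole VRF and performs an IP
## lookup in L3VPN-4205.inet.0 on every labelled packet it receives, so the
## stack the scrubbing PE imposes is [EgressPE TableLabel].
set routing-instances L3VPN-4205 instance-type vrf
set routing-instances L3VPN-4205 interface xe-0/0/1.100
set routing-instances L3VPN-4205 route-distinguisher 65000:4205
set routing-instances L3VPN-4205 vrf-target target:65000:4205
set routing-instances L3VPN-4205 vrf-table-label

## Same VRF WITHOUT vrf-table-label (the Junos default: per-next-hop labels).
## The advertised VPN label now maps directly to the CE-facing next hop, so the
## stack is [EgressPE EgressCE] and the packet is switched to the CE MAC
## without a second IP lookup in the VRF.
delete routing-instances L3VPN-4205 vrf-table-label

## Verification (operational mode). The first shows whether the CE prefix
## resolves to a MAC-based (unicast) next hop in the forwarding table; the
## second shows the label the PE advertises for it to the route reflector.
## Exact output fields vary by platform and release.
show route forwarding-table vpn L3VPN-4205 destination 192.0.2.0/24
show route advertising-protocol bgp 203.0.113.1 table L3VPN-4205.inet.0 extensive
```

The point of the contrast is the one the thread circles around: with the table label the egress PE's second lookup happens inside the clean VRF, which holds the imported prefix but not the egress PE's own ARP-derived host state, whereas a per-next-hop label skips that lookup entirely. Whether a BGP-LU or lt- based design is preferable depends on the rest of the topology, which the snippets here do not show.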

Re: [j-nsp] L3VPNs and on-prem DDoS scrubbing architecture

2024-04-03 Thread Saku Ytti via juniper-nsp
On Tue, 2 Apr 2024 at 18:25, Michael Hare via juniper-nsp wrote:
> We're a US research and education ISP and we've been tasked with coming up
> with an architecture to allow on premise DDoS scrubbing with an appliance.
> As a first pass I've created a cleanL3VPN routing-instance to function