Re: [j-nsp] QFX5100 ACLs

2017-12-12 Thread Saku Ytti
.com
>> Cc: Brendan Mannella; juniper-nsp@puck.nether.net
>> Subject: Re: [j-nsp] QFX5100 ACLs
>>
>> Policer on term which does not discriminate good and bad only gives an attacker
>> leverage by reducing the pps/bps demand to congest the good?
>>
>>
>>

Re: [j-nsp] QFX5100 ACLs

2017-12-12 Thread adamv0025
> From: Saku Ytti [mailto:s...@ytti.fi]
> Sent: Tuesday, December 12, 2017 9:08 AM
> To: adamv0...@netconsultings.com
> Cc: Brendan Mannella; juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] QFX5100 ACLs
>
> Policer on term which does not discriminate good and bad only gives

Re: [j-nsp] QFX5100 ACLs

2017-12-12 Thread Saku Ytti
Policer on term which does not discriminate good and bad only gives an attacker leverage by reducing the pps/bps demand to congest the good?

On 12 December 2017 at 10:21, wrote:
>> Of Saku Ytti
>> Sent: Monday, December 11, 2017 2:46 PM
>>
>> Someone pointed this to me -
>> https://kb.juniper.n

Re: [j-nsp] QFX5100 ACLs

2017-12-12 Thread adamv0025
> Of Saku Ytti
> Sent: Monday, December 11, 2017 2:46 PM
>
> Someone pointed this to me -
> https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145

Are there any "sensible" policers defined for these "70 such hardware filters, which target different protocols"?

adam
netconsultings.com

Re: [j-nsp] QFX5100 ACLs

2017-12-11 Thread Alain Hebert
Hi,

FYI, using the command from the PR, it seems right.

PS: There was an issue with mixed mode that needed to be set to NO, but the exact context is eluding me right now. But it is not relevant to input-list.

-
Model: qfx5100-48s-6q
Junos: 17.2R1.13
-
Xyz> show virtual

Re: [j-nsp] QFX5100 ACLs

2017-12-11 Thread Andrey Kostin
Hi Alain,

Good to know that now it works. It was way back in February 2016 with 13.2X51-D35.3 and below is the excerpt from the TAC case. We haven't been told however that a PR was raised to address the issue or there are plans to resolve it.

Problem Description : We use common set of filters o

Re: [j-nsp] QFX5100 ACLs

2017-12-11 Thread Alain Hebert
I highly recommend not using VCF for any L3/MPLS/etc.

We had a year long battle with it. And it won.

Now that we're back into MPLS territory they're working fine as hell. And it will only cost us some training for the juniors.

--

But I can confirm that the input-li

Re: [j-nsp] QFX5100 ACLs

2017-12-11 Thread Saku Ytti
Someone pointed this to me - https://kb.juniper.net/InfoCenter/index?page=content&id=KB24145

Not good.

On 4 December 2017 at 18:02, Brendan Mannella wrote:
> Hello,
>
> So I have been testing QFX5100 product for use as a core L3 switch/router
> with BGP/OSPF. I have my standard RE filter bloc

Re: [j-nsp] QFX5100 ACLs

2017-12-11 Thread Alain Hebert
Hi,

Odd.

Model: qfx5100-48s-6q
Junos: 17.2R1.13

I've verified with both the "pfe shell" and a Nessus scan TCP+UDP+Ports 1 thru 65535 and this input-list
[ ICMP-FI OSPF-PEERS-FI LDP-PEERS-FI BGP-PEERS-FI BFD-PEERS-FI VRRP-FI DHCP-FI -MGMT-FI DROP-FI ]
Worke

Re: [j-nsp] QFX5100 ACLs

2017-12-10 Thread Andrey Kostin
Hi Brendan,

If you use filter-list on Lo0 interface as per "securing RE guide" then it's not supported. Only first filter in list is programmed and everything else is ignored. We ran into the same issue and had to pull it out from JTAC to confirm.

Brendan Mannella wrote 04.12.2017 15:51:
+

Re: [j-nsp] QFX5100 ACLs

2017-12-04 Thread Saku Ytti
My version words it a bit differently:

+ Total TCAM entries available: 566
+ Total TCAM entries needed : 424

Even when it is not programmed, it does say 'Programmed: YES', at least for me. But for me if needed > available, it has been accurate to predict whether or not it's been correctly programmed

Re: [j-nsp] QFX5100 ACLs

2017-12-04 Thread Brendan Mannella
+ Programmed: YES
+ Total TCAM entries available: 1788
+ Total TCAM entries installed : 516

Brendan Mannella
TeraSwitch Inc.
Main - 1.412.945.7045
Direct - 1.412.945.7049
eFax - 1.412.945.7049
Colocation . Cloud . Connectivity

This email and any files transmitted with it are confiden

Re: [j-nsp] QFX5100 ACLs

2017-12-04 Thread Saku Ytti
Hey Brendan,

This is news to me, but plausible. Can you do this for me:

start shell pfe network fpc0
show filter
show filter hw show_term_info

Compare how many TCAM entries are needed, and how many are available.

Also if you can take a risk of reloading the FPC run:

show filter hw show_terms_

[j-nsp] QFX5100 ACLs

2017-12-04 Thread Brendan Mannella
Hello,

So I have been testing QFX5100 product for use as a core L3 switch/router with BGP/OSPF. I have my standard RE filter blocking various things including BGP from any unknown peer. I started to receive errors in my logs showing BGP packets getting through from hosts that weren't allowed. Afte