Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Jeff Haas
On Jul 29, 2015, at 10:58 AM, Tarko Tikan ta...@lanparty.ee wrote: hey, The issue with such well, that sounds easy solutions is what it does to system scale. In the days of 2G 32-bit RPD, the addition of a single*word* (4 bytes) to the route data structures was reason for massive

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Tarko Tikan
hey, We are shipping an SMP kernel in the 15.x timeframe. Even with no daemon changes, it helps by spreading the load of the daemons to some extent. From engineering perspective, what will break if you just enable SMP kernel? I would expect processes to be spread to different cores (with

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Alexander Arseniev
Hello, SCU can be used in this scenario http://www.juniper.net/documentation/en_US/junos14.2/topics/task/configuration/scu-or-dcu-configuring-junos-nm.html To drop traffic matching your chosen SCU in a firewall filter, use set forwarding-options family inet filter output YouRscUfilteRname

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Jeff Haas
[Note that this is where I go off into speculative thinking land. Those who know me from conferences are familiar with the process, but I'd really rather not have someone note my email address and think they should start hammering on product management as a result of such public discussion.]

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Tarko Tikan
hey, The issue with such well, that sounds easy solutions is what it does to system scale. In the days of 2G 32-bit RPD, the addition of a single*word* (4 bytes) to the route data structures was reason for massive freak-out. Even in 3G 32-bit RPD, it's problematic. We're now in the land of

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Jeff Haas
Tim, On Jul 28, 2015, at 6:49 PM, tim tiriche tim.tiri...@gmail.com wrote: Hello, Goal: on transit provider link, allow ASN XYZ to reach port 80 and drop all other destined to port 80? I don't want to build a static filter as ASN XYZ could have additional updates. Not sure if

Re: [j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-29 Thread Roland Dobbins
On 29 Jul 2015, at 21:02, Jeff Haas wrote: I don't have a clean answer, but it's leading me to ponder some. Just origin and/or destination AS would be useful in and of themselves, irrespective of further pathing options. . . --- Roland Dobbins

[j-nsp] dynamic prefix list based on as-path .. is it possible?

2015-07-28 Thread tim tiriche
Hello, Goal: on transit provider link, allow ASN XYZ to reach port 80 and drop all other destined to port 80? I don't want to build a static filter as ASN XYZ could have additional updates. Not sure if flowspec can match on as-path? Any pointers would be helpful. Thanks, -Tim