Routing

Expand all | Collapse all

Filter to protect RE and icmp traffic

Jump to Best Answer
  • 1.  Filter to protect RE and icmp traffic

    Posted 04-10-2019 04:00

    Hi There,

    I am having problem with an mx960 which seems to drop ICMP traffic but I do not have any evidence on logs. This is just an assumption due to the alarm i am receving from the monitoring system.

    The moniotring system report the router down even if the router is just fine.

    Assuming I have firewall filter to protect the RE to limit the ICMP traffic.

    Assuming that the poller is polling the router NOT pinging the IP address of the Loopback interface BUT an IP applied to a physical interface on the router itsels.

    Question:

    Is this icmp traffic rate-limited by the firewall filter applied to the loopback interface?

    Or even better: is the ICMP traffic destinated to any interface configured on the router ALWAYS processed by the RE?

    Finally, can you please give an example of traffic detsinated to the RE?

    I am reading  DAY ONE: SECURING THE ROUTING ENGINE ON M, MX, AND T SERIES but the above question are not really answered clearly.

     

    Thanks.

      



  • 2.  RE: Filter to protect RE and icmp traffic
    Best Answer

     
    Posted 04-10-2019 04:22

    Hello,

     

    Answering your question - yes, the ICMP traffic destinated to any interface configured on the router is always processed by the RE.

    Firewall filter applied to lo0 interface is automatically programmed on all FPCs, which makes it a very convenient tool.

    Nice example of protect-re filter is provided on this blog, please check it out.

     

    HTH,

    Sergii

    -------------------------------------------------------------------

    Please accept the solution if your problem is resolved Smiley Wink

    -------------------------------------------------------------------