Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Protect Routing Engine

    Posted 02-22-2021 19:39
    I want to create a policy/policer to protect the control plane/routing-engine.

    I have read the documentation and found this example:

    set firewall policer police_pps if-exceeding-pps pps-limit 1k
    set firewall policer police_pps if-exceeding-pps packet-burst 150
    set firewall policer police_pps then discard
    set firewall family inet filter my_pps_filter term term1 then policer police_pps
    set interfaces lo0 unit 0 family inet filter input my_pps_filter
    set interfaces lo0 unit 0 family inet address 127.0.0.1/32

    I am already using the loopback interface for other functionality and realize you can only have one loopback per routing table. Is there a workaround?

    Thanks

    ------------------------------
    Jack
    ------------------------------


  • 2.  RE: Protect Routing Engine

    Posted 02-22-2021 19:52
    You don't need to create a loopback for the protect re function but simply apply your firewall and policer to the actual loopback mgmt interface of the Junos device.  This then applies from here to all self traffic bound for the RE on the Junos router.

    You might find this free book from Juniper helpful as it goes into great detail and provides samples.

    https://kb.juniper.net/library/CUSTOMERSERVICE/Securing_RouteEngine2.pdf

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------