nanog mailing list archives
Re: Juniper configuration recommendations/BCP
From: Casey Russell via NANOG <nanog () nanog org>
Date: Thu, 8 Oct 2020 10:51:27 -0500
Forrest,

Between Jason and Justin, (and now others probably) they've captured what I was already typing. Basically, that as soon as you create a loopback interface (with a L3 IP) you need to start planning your firewall filter for it.

Most of it is as simple as creating filters for SSH and other administrative access to the loopback address, but some of it is not at all intuitive if you're coming from a Cisco/Brocade world. The loopback filter protects the RE, and can, in many cases, affect traffic flowing across transit interfaces, in a way that in a Cisco shop you would never have considered. On a Juniper, if it will be processed in just about any way by the routing engine (even just a few packets in the flow) you need to account for that.

It's not as daunting as it sounds, but it needs to be accounted for. I'll let their comments fill in the rest, because others have already provided good resources.

Sincerely,
Casey Russell
Network Engineer
KanREN <http://www.kanren.net>
785-856-9809
2029 Becker Drive, Suite 282
Lawrence, Kansas 66047
XSEDE Campus Champion
Certified Software Carpentry Instructor

On Thu, Oct 8, 2020 at 4:39 AM Forrest Christian (List Account) <lists () packetflux com> wrote:
<ISP hat on>

After nearly 30 years of being a Cisco shop, I'm working on configuring our first pair of Juniper MX204's to replace our current provider-edge Cisco.

I've worked through enough of the Juniper documentation/books to have a fairly good handle on how to configure these, but I wanted to check with the list to see if there are any Juniper-specific gotchas I might run into that aren't documented well.

I've done a bit of googling and am either finding stuff that is largely Cisco-specific or which is generic - all of which I'm rather familiar with based on my past history.

Is there anything I should worry about which is Juniper-specific?

--
- Forrest
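
A minimal IPv4 loopback filter of the kind the reply above describes, added here as an illustration and not taken from any message in the thread. The filter name, term names, prefix-list names and the 192.0.2.0/24 management range are assumptions; every other protocol the routing engine must receive (IGP, NTP, SNMP, RADIUS and so on) needs its own term before the final discard, and IPv6 needs a matching `family inet6` filter.

```junos
policy-options {
    /* constructed documentation prefix; replace with your management range */
    prefix-list MGMT-SOURCES { 192.0.2.0/24; }
    /* expands to the address of every configured BGP neighbor */
    prefix-list BGP-NEIGHBORS { apply-path "protocols bgp group <*> neighbor <*>"; }
}
firewall {
    family inet {
        filter PROTECT-RE {
            term ssh {
                from {
                    source-prefix-list { MGMT-SOURCES; }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* control-plane sessions terminate on the RE too, not only admin access */
            term bgp {
                from {
                    source-prefix-list { BGP-NEIGHBORS; }
                    protocol tcp;
                    port bgp;
                }
                then accept;
            }
            term icmp {
                from {
                    protocol icmp;
                    icmp-type [ echo-request echo-reply unreachable time-exceeded ];
                }
                then accept;
            }
            /* anything not matched above is dropped; the counter shows what was missed */
            term final {
                then {
                    count RE-DISCARD;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 { unit 0 { family inet { filter { input PROTECT-RE; } } } }
}
```

Apply a change like this with `commit confirmed` so a filter that blocks your own session rolls back automatically, then watch the `RE-DISCARD` counter with `show firewall filter PROTECT-RE` to see what the terms above failed to account for.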