--- Begin Message ---
> On 14/04/2022, at 10:53 PM, Tobias Heister via juniper-nsp
> <[email protected]> wrote:
>
> Hi,
>
> I doubt that BGP Flow Spec is systested or supported on any QFX5k platform.
>
> Feature Explorer (while not perfect :)) does support me in that thinking:
> https://apps.juniper.net/feature-explorer/parent-feature-info.html?pFKey=1541&pFName=BGP+Flow+Specification
Yeah… QFX5100 (and all the Broadcom boxes, AFACT) fail open when firewall
filters get too complex - and that complexity limit is pretty low.
Given that, having BGP be able to program those same firewall filters seems
like a very bad idea on those boxes.
I wonder if the flowspec rules aren’t matching because the whole thing is too
complex and it’s failing open.
--
Nathan Ward
--- End Message ---
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
