A good practice on MX480s would be to keep upstream and downstream ports at
separate MPCs if possible. Depending on your config the standard 256M
RLDRAM from some cards might be an issue in the not so near future. I'm not
sure how much RLDRAM those NG cards have though.

I don't see any advantages of running full tables on a virtual-router,
specially if you have a 64GB RE.

For iBGP consider multiple loopback addresses for different families. I'd
do v4 and v6 (6PE with MPLS) with one family and inet-vpn, l2vpn, etc on
another one. Even with newer REs a full table is taking quite some time to
come up.

For IGP keep a flat area, no need to segment.

If starting from scratch, look at BGP-LU. Running an MX core is expensive
in terms of cost per port. You could run a much cheaper MPLS-only core in
the future with 100Gbps interfaces at only a fraction of the cost of what a
bunch of MPC4 cards would cost.

For IXs I'd recommend a separate routing-instance. This will help you avoid
stuff like someone defaulting to you and transit deviations.

Luis
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
htt

If you're going for that many 10Gbps ports, consider 100Gbps instead;
although I'm not sure what your requirements for that would be.
You'll get varying views on carrying the full table in a VRF or logical
system.

I find not doing this to be simple, but others on this list feel the
reverse. It's up to you.
Yes, all of those would be good.

Since you already have an MPLS network, keep it.

IS-IS is a great IGP. Definitely recommend it.

LDP is a simple way to distribute labels. But think about SR and SPRING
for the future as well.

Mark.

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.n

There are so much debate on how to construct a good network core,
but if you don't need special features, I will stay with something very
simple :

- IGP : ISIS (over OSPF because it doesn't relies on IP, more flexible,
more simple) with only loopback
- iBGP full mesh with DMZ in the main table/main vr (vrf provide more
flexibility for a little increased complexity)
- LDP for signaling MPLS (unless you really need FRR, and/or QOS)

as always KISS is a good approach :)
--
Raphael Mazelier
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailma

Might reach out to your Juniper SE.. I believe they have some internal “gold configs” for different sized ISPs that have been well tested internally. One of their configs might make a good base to start from.
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listin

On 25 March 2016 at 01:57, Matthew Crocker <***@corp.crocker.com> wrote:

Hey,
If you're gonna run L3 MPLS VPN's for what ever purpose, or might run
in future, I strongly recommend putting Internet in VRF. Global table
is annoying special case and doing route injection between global
table and vrf is huge PITA in JunOS. Having Internet in VRF completely
removes this problem.
Today I think you need good reason and justification not to run MPLS
and default to running it. I would certainly run MPLS. As it is
greenfield I'd try to see if running segment routing is an option
instead of LDP or RSVP. If SR is not an option, decision between LDP
and RSVP would depend on if you need strategic or tactical traffic
engineering. If you have sufficient capacity to carry all traffic in
best path during normal situation and single failure definitely no
RSVP, if you do not have sufficient capacity to carry all traffic in
best path during normal situation then definitely RSVP. If you can run
all traffic in best path, but not during single failure then LDP/RSVP
might be debatable.
Even if you choose LDP, you probably want to enable RSVP on links
without configuring any LSPs just in case you can do ad-hoc tactical
TE for specific needs. Like maybe some PE<->PE pair requires two
non-fate-sharing paths. Or maybe your capacity planning cocked up and
you can't turn-up customer until some capacity delivery is done, you
might want to run this customer's traffic on offSPT while waiting for
capacity planning to catch up.
With SR you can cover both LDP use-cases and tactical RSVP use-cases
and not run any new protocol. Your core would run only one protocol,
IGP.

If you're going to have real core (i.e. devices which do not connect
customers) then core can be BGP free, as long as your edge will have
iBGP full-mesh or your route reflectors support ORR (optimal route
reflection).
I would start with RR iBGP day1, because RIB scale likely will hit you
before hardware FIB scale. I would work very hard to do off-path RR
with vMX or equivalent, but I would absolutely require ORR to be there
for this solution to be acceptable.

I'm great supporter of separating control-plane from services and
would run IPv6 in 6PE until one day fork lift network IPV6 only and
put IPv4 in 4PE. Only reason why I might not run 6PE is if I'd run SR.
Goal would be to keep signalling and state in network to minimum.
Software from all vendors is extremely bad, and the less codepaths you
need to explore, the better.