
netsec-sig - Re: [Security-WG] Junos min-ttl and as regex backref feature

Subject: Internet2 Network Security SIG

  • From: John Kristoff <>
  • To: Jeff Bartig <>
  • Cc:
  • Subject: Re: [Security-WG] Junos min-ttl and as regex backref feature
  • Date: Tue, 29 May 2018 11:16:42 -0500

On Wed, 23 May 2018 21:50:49 -0500 Jeff Bartig <> wrote:

> Yes, I would be supportive of these features. I'd prioritize the back
> reference feature higher, since it is something that isn't possible
> today, while GTSM is possible, but not as easy as it could be.

So apparently the back reference exists already:


<https://www.juniper.net/documentation/en_US/junos/topics/reference/general/junos-cli-replace-command-regular-expressions.html>

I thought this page was referring to edit mode search and replace. I'm
guessing no one here who is still listening to me was aware of this
either. I'll play around with captures when I get a chance.

That leaves the GTSM proposal. After some discussion with some other
colleague in a big network, ingress GTSM support might be non-trivial,
but there may not be an easy way to get this functionality like there
is in IOS. One suggestion was to put GTSM-enabled peers in a BGP group
and then use an apply-path in a loopback filter on a ttl 255 filter.
Not crazy about using GTSM BGP groups, but I'll think on this one a
little more.

John
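
One way to write the suggestion in the message above as Junos configuration: a BGP group for the GTSM-enabled peers, an apply-path prefix list built from that group, and a loopback filter term matching on TTL. This is an added example, not configuration from the thread or from Juniper; the group, prefix-list, filter and counter names, the AS number and the 192.0.2.1 address are constructed, and it assumes a platform whose lo0 filter supports the `ttl-except` match and peers that send BGP with TTL 255.

```junos
/* Added example: all names and addresses below are constructed placeholders. */
protocols {
    bgp {
        group GTSM-PEERS {
            type external;
            /* Only peers known to send BGP packets with TTL 255 belong here. */
            neighbor 192.0.2.1 {
                peer-as 64496;
            }
        }
    }
}
policy-options {
    prefix-list GTSM-PEERS {
        /* Expands to every neighbor address configured in the group above,
           so adding a peer to the group also adds it to the filter. */
        apply-path "protocols bgp group GTSM-PEERS neighbor <*>";
    }
}
firewall {
    family inet {
        /* Assumed to be the filter already applied as input on lo0. */
        filter PROTECT-RE {
            /* Must be evaluated before any term that accepts BGP. */
            term gtsm-bgp-drop {
                from {
                    source-prefix-list {
                        GTSM-PEERS;
                    }
                    protocol tcp;
                    port bgp;
                    /* A directly connected peer sending TTL 255 arrives with 255;
                       anything lower has crossed at least one router hop. */
                    ttl-except 255;
                }
                then {
                    count gtsm-bgp-drop;
                    discard;
                }
            }
            /* The filter's existing accept and discard terms follow here. */
        }
    }
}
```

Peers outside the GTSM-PEERS group are not matched by this term and fall through to the filter's existing BGP terms.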


