<div dir="ltr">Forrest,<div><br></div><div>Between Jason and Justin, (and now others probably) they've captured what I was already typing.  Basically, that as soon as you create a loopback interface (with a L3 IP) you need to start planning your firewall filter for it.  Most of it is as simple as creating filters for SSH and other administrative access to the loopback address, but some of it is not at all intuitive if you're coming from a Cisco/Brocade world.</div><div><br></div><div>The loopback filter protects the RE, and, can, in many cases affect traffic flowing across transit interfaces, in a way that in a Cisco shop you would never have never considered.  On a Juniper, if it will be processed in just about any way by the routing engine (even just a few packets in the flow) you need to account for that.  It's not as daunting as it sounds, but it needs to be accounted for.  I'll let their comments fill in the rest, because others have already provided good resources.  <br clear="all"><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div><br><div dir="ltr"><div style="padding-bottom:15px">Sincerely,</div>
        <div style="padding-bottom:5px">Casey Russell</div>
        <div style="color:rgb(136,136,136);font-style:italic;font-size:12px">Network Engineer</div><div style="color:rgb(136,136,136);font-style:italic;font-size:12px"><a href="http://www.kanren.net" style="font-size:12.8px;font-style:normal" target="_blank"><img src="http://www.kanren.net/wp-content/uploads/2016/06/KanREN.png" alt="KanREN" height="auto" width="250"></a><br></div>
                
                        
                                
                                        <div><img src="http://www.kanren.net/wp-content/uploads/2016/06/phone.png" alt="phone" height="auto" width="12">785-856-9809</div>
                                
                                
                                        <div style="padding-bottom:3px">
                                                        2029 Becker Drive, Suite 282<br>
                                                        Lawrence, Kansas 66047
                                        </div><div style="padding-bottom:3px">XSEDE Campus Champion</div><div style="padding-bottom:3px">Certified Software Carpentry Instructor</div>
                                
                        
                        
                                
                                        <span style="display:inline-block;margin:0px 3px">
                                                <a href="https://www.linkedin.com/company/92399?trk=tyah&trkInfo=clickedVertical%3Acompany%2CclickedEntityId%3A92399%2Cidx%3A1-1-1%2CtarId%3A1440002635645%2Ctas%3AKanREN" target="_blank">
                                                        <img src="http://www.kanren.net/wp-content/uploads/2016/06/linkedin.png" alt="linkedin" height="auto" width="20">
                                                </a>
                                        </span>
                                        <span style="display:inline-block;margin:0px 3px">
                                                <a href="https://twitter.com/TheKanREN" target="_blank">
                                                        <img src="http://www.kanren.net/wp-content/uploads/2016/06/twitter.png" alt="twitter" height="auto" width="20">
                                                </a>
                                        </span>
                                        <span style="display:inline-block;margin:0px 3px">
                                                <a href="http://www.kanren.net/feed/" target="_blank">
                                                        <img src="http://www.kanren.net/wp-content/uploads/2016/06/rss.png" alt="twitter" height="auto" width="20">
                                                </a>
                                        </span>
                                        <a href="mailto:support@kanren.net" style="background:rgb(187,187,187);color:rgb(255,255,255);text-decoration:none;display:inline-block;padding:3px 10px;margin-left:10px" target="_blank">need support?</a></div></div><div dir="ltr"><br></div></div></div></div></div></div></div></div></div></div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Oct 8, 2020 at 4:39 AM Forrest Christian (List Account) <<a href="mailto:lists@packetflux.com">lists@packetflux.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><ISP hat on></div><div>After nearly 30 years of being a cisco shop, I'm working on configuring our first pair of Juniper MX204's to replace our current provider-edge cisco. </div><div><br></div><div>I've worked through enough of the Juniper documentation/books to have a fairly good handle on how to configure these, but I wanted to check with the list to see if there are any Juniper-Specific gotchas I might run into that isn't documented well.  </div><div><br></div><div>I've done a bit of googling and am either finding stuff that is largely Cisco-specific or which is generic - all of which I'm rather familiar with based on my past history.   Is there anything I should worry about which is Juniper-specific?</div><div><br></div><div><div>-- <br><div dir="ltr"><div dir="ltr">- Forrest</div></div></div></div></div>
</blockquote></div>