Puppet for Junos

  • 1.  puppet for junos to manage RTBH

    Posted 05-11-2013 02:27

    Hi All,

     

    I was wondering whether the following would be a valid use case scenario for Puppet. I am currently designing and building an RTBH solution in my ISP network. I need a means to allow regular operators to inject a route with certain parameters, like next-hop and communities. I am considering looking at NETCONF as well, but I'm not sure which solution will fit my needs best.

     

    Also, does anyone know if there will be support for M Series (M7i) in the (near) future? I will have 2 M7i's to become my trigger routers.

     

    Kind regards,

     

    Dennis 



  • 2.  RE: puppet for junos to manage RTBH
    Best Answer

    Posted 05-14-2013 08:12

    Hi Dennis,

     

    Puppet really comes into its own when you've got a single identical change to make across a large number of devices, but it does mean a configuration change, which is only pushed out at a fixed interval (say 15-30 minutes).

     

    I can't help thinking, though, that for your RTBH scenario, something more agile like BGP Flowspec would be better suited to the task:

     

    http://www.juniper.net/techpubs/en_US/junos12.1/topics/example/routing-bgp-flow-specification-routes.html 

     

    You could have a single router that operators log into to add prefixes to, then let BGP propagate that out to your edge routers, which instantly drop or rate-limit matching traffic.

     

    Flowspec is also available on your M-Series today.



  • 3.  RE: puppet for junos to manage RTBH

    Posted 05-14-2013 12:09

    @Ben,

     

    Thank you for jumping in on this.  I may be an "automation nerd" but way out of my league on that question 🙂





  • 4.  RE: puppet for junos to manage RTBH

    Posted 05-14-2013 13:40

    Thanks Ben. Definitely going to look at this.

     

    The reason I'm setting up 2 routers is because I will also use these devices to null route bogons (Cymru), do looking glass stuff etc. So I want some redundancy... and since this pair is left over from an upgrade to MX80s, I'd rather use them this way than sell them to a broker for peanuts 😉
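
Whichever transport ends up pushing the change to the trigger router (Puppet, NETCONF or a CLI login), the operator-supplied prefix should be validated before it becomes a route. The following is an added example, not code from any poster in this thread: a guard that accepts only host routes inside your own address space and emits the Junos `set` commands for a static route with the next-hop and community the original question mentions. The address ranges, next-hops, community value and host-route-only policy are assumptions constructed for illustration.

```python
import ipaddress

# All values below are constructed for illustration
# (documentation prefixes, private-use ASN in the community).
ALLOWED_SPACE = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("2001:db8::/32")]
# Assumed next-hops that the edge routers resolve to a discard route.
DISCARD_NEXT_HOP = {4: "192.0.2.1", 6: "100::1"}
RTBH_COMMUNITY = "65000:666"      # assumed blackhole community
HOST_LEN = {4: 32, 6: 128}        # assumed policy: host routes only


def rtbh_set_commands(prefix):
    """Validate an operator-supplied prefix; return Junos set commands.

    Raises ValueError for anything that must not be blackholed.
    """
    # strict=True rejects input with host bits set, e.g. 198.51.100.7/24,
    # which is usually a typo for a much larger blackhole than intended.
    net = ipaddress.ip_network(prefix.strip(), strict=True)

    if net.prefixlen != HOST_LEN[net.version]:
        raise ValueError(f"{net}: only host routes may be blackholed")

    # Compare versions first: subnet_of() raises TypeError on a v4/v6 mix.
    in_scope = any(net.version == a.version and net.subnet_of(a)
                   for a in ALLOWED_SPACE)
    if not in_scope:
        raise ValueError(f"{net}: outside address space we may blackhole")

    base = "set routing-options "
    if net.version == 6:
        base += "rib inet6.0 "
    route = f"{base}static route {net}"
    return [f"{route} next-hop {DISCARD_NEXT_HOP[net.version]}",
            f"{route} community {RTBH_COMMUNITY}"]


if __name__ == "__main__":
    for line in rtbh_set_commands("198.51.100.7/32"):
        print(line)
```

The same checks apply if the trigger is later moved to Flowspec: only the emitted configuration changes, not the validation in front of it.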