Forrest,

Between Jason and Justin (and now others, probably), they've captured what I was already typing. Basically, that as soon as you create a loopback interface (with an L3 IP) you need to start planning your firewall filter for it. Most of it is as simple as creating filters for SSH and other administrative access to the loopback address, but some of it is not at all intuitive if you're coming from a Cisco/Brocade world.

The loopback filter protects the RE and can, in many cases, affect traffic flowing across transit interfaces in a way that in a Cisco shop you would never have considered. On a Juniper, if it will be processed in just about any way by the routing engine (even just a few packets in the flow), you need to account for that. It's not as daunting as it sounds, but it needs to be accounted for. I'll let their comments fill in the rest, because others have already provided good resources.

Sincerely,
Casey Russell
Network Engineer
KanREN
phone: 785-856-9809
2029 Becker Drive, Suite 282
Lawrence, Kansas 66047
XSEDE Campus Champion
Certified Software Carpentry Instructor



On Thu, Oct 8, 2020 at 4:39 AM Forrest Christian (List Account) <lists@packetflux.com> wrote:
<ISP hat on>
After nearly 30 years of being a Cisco shop, I'm working on configuring our first pair of Juniper MX204s to replace our current provider-edge Cisco.

I've worked through enough of the Juniper documentation/books to have a fairly good handle on how to configure these, but I wanted to check with the list to see if there are any Juniper-specific gotchas I might run into that aren't documented well.

I've done a bit of googling and am either finding stuff that is largely Cisco-specific or which is generic - all of which I'm rather familiar with based on my past history.   Is there anything I should worry about which is Juniper-specific?

--
- Forrest
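
An added example, not part of the original thread: a Python check for the point in the reply above that a loopback interface with an IP address needs a firewall filter planned for it. It reads a constructed Junos set-format configuration (the filter name PROTECT-RE, the prefix list BGP-PEERS and all addresses are assumptions) and reports lo0 units that have an address but no input filter, plus accept terms in an attached filter that match any source.

```python
import re

# Constructed sample in Junos "set" format; names and addresses are invented.
SAMPLE_CONFIG = """\
set interfaces lo0 unit 0 family inet address 192.0.2.1/32
set interfaces lo0 unit 0 family inet filter input PROTECT-RE
set interfaces lo0 unit 1 family inet address 192.0.2.2/32
set firewall family inet filter PROTECT-RE term ssh from protocol tcp
set firewall family inet filter PROTECT-RE term ssh from destination-port ssh
set firewall family inet filter PROTECT-RE term ssh then accept
set firewall family inet filter PROTECT-RE term bgp from source-prefix-list BGP-PEERS
set firewall family inet filter PROTECT-RE term bgp from protocol tcp
set firewall family inet filter PROTECT-RE term bgp from destination-port bgp
set firewall family inet filter PROTECT-RE term bgp then accept
set firewall family inet filter PROTECT-RE term last then discard
"""

LO0 = re.compile(r"^set interfaces lo0 unit (\d+) family inet (address|filter input) (\S+)")
TERM = re.compile(r"^set firewall family inet filter (\S+) term (\S+) (from|then) (.+)$")

def audit_loopback(config):
    """Return a sorted list of findings for lo0 units and their input filters."""
    units, terms = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := LO0.match(line):
            unit = units.setdefault(m.group(1), {"address": False, "filter": None})
            if m.group(2) == "address":
                unit["address"] = True
            else:
                unit["filter"] = m.group(3)
        elif m := TERM.match(line):
            terms.setdefault((m.group(1), m.group(2)), []).append((m.group(3), m.group(4)))
    findings = []
    for num, unit in units.items():
        if unit["address"] and unit["filter"] is None:
            findings.append(f"lo0.{num}: address configured but no input filter")
    attached = {u["filter"] for u in units.values() if u["filter"]}
    for (flt, term), stmts in terms.items():
        if flt not in attached or ("then", "accept") not in stmts:
            continue  # only accept terms of filters actually applied to lo0 matter
        restricted = any(k == "from" and v.startswith(("source-address", "source-prefix-list"))
                         for k, v in stmts)
        if not restricted:
            findings.append(f"{flt} term {term}: accepts from any source")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_loopback(SAMPLE_CONFIG)))
```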