On 2019-03-24 00:32, Thomas Bellman wrote:
They do have limited feature set, though. E.g, they only look at the first 64 octets of each packet (and that includes L2 and L2.5 headers) when deciding what to do with a packet, and can't chase the IPv6 header chain; thus, if there is an extension header before the TCP/UDP header, they won't know what TCP/UDP ports are used, or even if it is TCP, UDP or something else. Dealing with packets exiting tunnels (MPLS, VXLAN, et.c) is also limited. Some declared features - do not work. For example, IPIP termination through filters is claimed, but does not work. https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/... Perhaps "not implemented yet", possibly errata, nevertheless it is very unpleasant when you buy equipment and this is a key necessary function. Therefore, if any more or less complex (uncommon) features are used, it is better to test them first.