Hi Samit,
Do you have the output of "show pfe statistics traffic" from this
router?
What was the type of DoS attack traffic? Was it directed to any of
the interfaces on the router? Did you have any filter applied to
loopback interface to drop such traffic? If yes, did any of the
filters that were applied to the interface matching DoS traffic had
reject action in them? Is any syslogging enabled in any of the filter
terms that were matching the attack traffic?
Also, I would recommend involving JTAC during such incidents in
future. They can help you figure out the problem.
Thanks,
Nilesh
On Feb 14, 2009, at 11:19 PM, "Samit" <janasa...@wlink.com.np> wrote:
Hi,
Today early in the morning around 4am we had a udp based DoS from the
Internet destinate to one of my customer network for about over 1.5hr.
The pps rate was from 165k to 245k peak and at the rate of around
90Mbps
as per the mrtg graphs. I don't have any Qos running, but I noticed
later that all Bgp peer sessions flapped during that period though I
have plenty of capacity in my upstream as well as in downstream links,
therefore I don't call it M7i fully survived and handled it. M7i is
capable of forwarding 16million pps and additionally I have plenty of
free bandwidth available, so there should not be any interface buffer
exhaustion or link saturation. Therefore, I failed to understood the
reason of the BGP flaps. Can anyone help me explain to understand?
Regards,
Samit
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
