Can still be ttl=1 there... Jared Mauch
On Dec 29, 2012, at 3:49 PM, 叶雨飞 <sunyuc...@gmail.com> wrote: > No, it is just valid syn packets. A lot of them. > > On Dec 29, 2012 12:23 PM, "Jared Mauch" <ja...@puck.nether.net> wrote: >> Was it all ttl expired traffic? >> >> Jared Mauch >> >> On Dec 29, 2012, at 3:18 PM, 叶雨飞 <sunyuc...@gmail.com> wrote: >> >> > Hi, >> > >> > I was woken up this morning to deal with a DDOS syn-flodd situation, pps >> > ~15k/s. >> > >> > Here's monitor interface traffic: >> > >> > Interface Link Input packets (pps) Output packets >> > (pps) >> > ge-0/0/0 Up 11772104571 (24744) 11662868938 (161012) >> > ge-0/0/3 Up 3405764281 (148559) 6036903599 (12097) >> > >> > traffic is routed from ge-0/0/3 to ge-0/0/0. ge-0/0/3 is 100M link, >> > which is not being used in full, ge-0/0/0 is 1G link: >> > >> > Interface Link Input bytes (bps) Output bytes >> > (bps) >> > ge-0/0/0 Up 5190252823607 (65535424) 5285424390651 >> > (94655872) >> > ge-0/0/3 Up 1710426561796 (52511712) 2822734491891 >> > (30575112) >> > >> > However, other packet is being dropped almost 100% on ge-0/0/3 link, >> > which I am trying to figure out why. Link is not full, so it is not >> > dropped by upstream. >> > >> > CPU is not full >> > >> >> show chassis routing-engine >> > CPU utilization: >> > User 1 percent >> > Real-time threads 67 percent >> > Kernel 0 percent >> > Idle 32 percent >> > >> > Dropped counter is all 0 in >> >> show interface queue ge-0/0/3 >> > >> > I don't have any QOS configured, so it's all best-effort traffic. >> > >> > What else maybe the reason? I am currently blaming J2350 to dropping >> > legitimate traffic under stress (due to observation of downstream all >> > works fine) but I can't find any evidence of it. >> > >> > Your help is much appreciated. >> > >> > Thanks. >> > _______________________________________________ >> > juniper-nsp mailing list juniper-nsp@puck.nether.net >> > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp