Can you check the link below?

http://www.juniper.net/techpubs/en_US/junos13.2/topics/task/configuration/subscriber-management-ddos-packet.html

regards
abhijeet.c

On Thursday, January 30, 2014 2:57 PM, Misak Khachatryan <m.khachatr...@gnc.am> wrote:

>Hello,
>
>I met a very ugly problem yesterday. Consider the following scheme:
>
>                                   ================ Cisco ASR 1006
>                                   |
>Customer ========| Juniper EX4200 |
>                                   |
>                                   ================ Juniper MX480
>
>The customer is connected by one VLAN to both routers and has established
>a BGP session with both.
>
>Suddenly his router starts to send around 10000 packets per second. Most
>of them are exactly this:
>
>"1","0.000000","0.0.0.0","224.0.0.1","IGMPv3","60","Membership Query, general"
>
>The MX480 is just dying from this flood of packets, whereas the ASR is fine.
>
>I know that several DDoS policies are preconfigured to protect the RE from
>these situations, but the thresholds didn't trigger, so the RE should handle them:
>
>show ddos-protection protocols igmp
>Packet types: 1, Modified: 0, Received traffic: 1, Currently violated: 0
>Currently tracked flows: 0, Total detected flows: 0
>* = User configured value
>
>Protocol Group: IGMP
>
>  Packet type: aggregate (Aggregate for all igmp traffic)
>    Aggregate policer configuration:
>      Bandwidth:        20000 pps
>      Burst:            20000 packets
>      Recover time:     300 seconds
>      Enabled:          Yes
>    Flow detection configuration:
>      Detection mode: Automatic  Detect time:  3 seconds
>      Log flows:      Yes        Recover time: 60 seconds
>      Timeout flows:  No         Timeout time: 300 seconds
>      Flow aggregation level configuration:
>        Aggregation level   Detection mode  Control mode  Flow rate
>        Subscriber          Automatic       Drop          10 pps
>        Logical interface   Automatic       Drop          10 pps
>        Physical interface  Automatic       Drop          20000 pps
>    System-wide information:
>      Aggregate bandwidth is never violated
>      Received:  7268549             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 17204 pps
>    Routing Engine information:
>      Bandwidth: 20000 pps, Burst: 20000 packets, enabled
>      Aggregate policer is never violated
>      Received:  4270279             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 9979 pps
>        Dropped by individual policers: 0
>    FPC slot 1 information:
>      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
>      Aggregate policer is never violated
>      Received:  1658                Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 2 pps
>        Dropped by individual policers: 0
>        Dropped by flow suppression:    0
>    FPC slot 2 information:
>      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
>      Aggregate policer is never violated
>      Received:  7266879             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 17204 pps
>        Dropped by individual policers: 0
>        Dropped by flow suppression:    0
>    FPC slot 3 information:
>      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
>      Aggregate policer is never violated
>      Received:  12                  Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 0 pps
>        Dropped by individual policers: 0
>        Dropped by flow suppression:    0
>
>Does anybody have experience with the configuration of additional mechanisms?
>Does anybody have recommendations for threshold tuning?
>
>I'm going to open a ticket with JTAC of course, but here I can get faster
>answers. Thank you in advance.
>
>--
>Best regards,
>Misak Khachatryan,
>Head of Network Administration
>and Monitoring Department,
>GNC-Alfa CJSC.
>_______________________________________________
>juniper-nsp mailing list juniper-nsp@puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp
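
An added example, not part of either message in the thread: a small parser for `show ddos-protection protocols` output that compares each section's peak arrival rate with its policer bandwidth, which shows why the policer in the quoted output never fired. The sample text is a constructed excerpt using the values quoted above; the function names are hypothetical.

```python
import re

# Constructed sample: excerpt of the output quoted in the thread, same values.
SAMPLE = """\
>    Aggregate policer configuration:
>      Bandwidth:        20000 pps
>    System-wide information:
>      Received:  7268549             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 17204 pps
>    Routing Engine information:
>      Bandwidth: 20000 pps, Burst: 20000 packets, enabled
>      Received:  4270279             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 9979 pps
>        Dropped by individual policers: 0
>    FPC slot 2 information:
>      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
>      Received:  7266879             Arrival rate:     0 pps
>      Dropped:   0                   Max arrival rate: 17204 pps
"""

SECTION = re.compile(r"(System-wide|Routing Engine|FPC slot \d+) information:")
BANDWIDTH = re.compile(r"Bandwidth:\s*(?:\d+% \()?(\d+) pps")
FIELD = re.compile(r"(Received|Dropped|Max arrival rate):\s*(\d+)")

def parse_sections(text):
    """Return {section name: {'bandwidth', 'Received', 'Dropped', 'Max arrival rate'}}."""
    sections, cur, default = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ")              # tolerate mail quoting and indentation
        m, b = SECTION.match(line), BANDWIDTH.search(line)
        if m:
            cur = sections.setdefault(m.group(1), {"bandwidth": default})
        elif b and cur is None:
            default = int(b.group(1))        # aggregate policer configuration
        elif b:
            cur["bandwidth"] = int(b.group(1))
        elif cur is not None:
            for name, val in FIELD.findall(line):
                cur[name] = int(val)
    return sections

def peak_vs_policer(sections):
    """Rows of (section, peak pps, policer pps, peak as % of policer, dropped)."""
    return [(n, s["Max arrival rate"], s["bandwidth"],
             100 * s["Max arrival rate"] // s["bandwidth"], s["Dropped"])
            for n, s in sections.items()]

if __name__ == "__main__":
    for name, peak, limit, pct, dropped in peak_vs_policer(parse_sections(SAMPLE)):
        print(f"{name:15} peak {peak:>6} pps = {pct:>3}% of {limit} pps, dropped {dropped}")
```

On the quoted values the Routing Engine peak is 49% of the 20000 pps policer and the busiest FPC peak is 86%, so every section stays under its limit and nothing is dropped.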