Hello,
I am very new to juniper, please pardon my ignorance. I have an MX240, and I have a 10G link to my upstream. I have several other links facing my customers and hosting infrastructure which all run at something decidedly less than 10G. Im interested in implementing some network rate limit controls so that certain common attacks like dns / ldap / memcache reflection can be rate limited down to reasonable levels and avoid trying to forward a 4gbps stream down a 100mbps pipe. I know I want a layered system of policies and that I want to include perhaps sampling and such with jflow or other tools and rtbh, but for right now having even just basic limits on known reflection attack protocols would be a huge step forward. I was wondering what the 'quick and dirty' setup of rate limiting the forwarding of certain protocols and to certain destination networks / interfaces would look like on this platform. Some basic config snippets would be a huge help. Thank you. Mike- _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp