Re: [c-nsp] BGP session going down during DDOS

2014-03-10 Thread redscorpion69
@Mick All our interfaces are below total link utilization; I hope I understood your question. @Dobbins We have all that in place. We have something similar for NTP traffic, and others. What I had in mind was limiting total amount of traffic on edge routers that can go to specific region in our

Re: [c-nsp] BGP session going down during DDOS

2014-03-10 Thread redscorpion69
The congested 'meeting' place for DDOS traffic and BGP traffic was AS9k, upstream of PE router. But QoS is properly implemented there, and there are no drops for critical traffic. ASR9010, 4.2.3. On Mon, Mar 10, 2014 at 11:09 AM, redscorpion69 wrote: > @Mick > All our interfaces are below tot

Re: [c-nsp] BGP session going down during DDOS

2014-03-09 Thread Dobbins, Roland
On Mar 10, 2014, at 2:41 AM, redscorpion69 wrote: > Filters don't allow BGP sessions to our PE router. You might want to double-check that your iACLs are up-to-date, that you've enabled GTSM, that you've enabled CoPP, etc. What make/model/OS/train/revision/linecard? > By the way, what IS the

Re: [c-nsp] BGP session going down during DDOS

2014-03-09 Thread Mick O'Rourke
Out of interest, are your transit access interfaces sub-rate? On 10 March 2014 06:41, redscorpion69 wrote: > The BGP session went down, and stayed down for about 3 min, as if there was > a problem for TCP to establish a session back on. It happened during DDOS, > before and after that this sess

Re: [c-nsp] BGP session going down during DDOS

2014-03-09 Thread redscorpion69
The BGP session went down, and stayed down for about 3 min, as if there was a problem for TCP to establish a session back on. It happened during DDOS, before and after that this session never dropped. There's nothing in logs except that notification was sent since the hold timer expired. BGP is by

Re: [c-nsp] BGP session going down during DDOS

2014-03-07 Thread Keegan Holley
This is one of those things that isn’t supposed to happen but often does. The first thing I’d look at are the log messages. Are you sure the neighbor went down because of the DDOS attack? Could have been another type of error or even a scheduled change during the attack. Next I’d probably lo

Re: [c-nsp] BGP session going down during DDOS

2014-03-06 Thread Aaron
alf Of redscorpion69 Sent: Thursday, March 06, 2014 12:07 PM To: cisco-nsp@puck.nether.net Subject: [c-nsp] BGP session going down during DDOS Today we had a couple of dozen Gbps traffic to one of our customers. At one point during attack, our PE router where the customer is attached had a BGP se

Re: [c-nsp] BGP session going down during DDOS

2014-03-06 Thread Dobbins, Roland
On Mar 7, 2014, at 2:07 AM, redscorpion69 wrote: > How to make sure this doesn't happen again? Are you sure the router wasn't attacked directly? Have you implemented iACLs to keep unauthorized traffic off your routers? Maybe the CE router isn't properly protected and went down, or was simply

Re: [c-nsp] BGP session going down during DDOS

2014-03-06 Thread Vitkovský Adam
Subject: [c-nsp] BGP session going down during DDOS Today we had a couple of dozen Gbps traffic to one of our customers. At one point during attack, our PE router where the customer is attached had a BGP session to one of our RR go down, only to go up after half a minute. Our core has juniper

[c-nsp] BGP session going down during DDOS

2014-03-06 Thread redscorpion69
Today we had a couple of dozen Gbps traffic to one of our customers. At one point during attack, our PE router where the customer is attached had a BGP session to one of our RR go down, only to go up after half a minute. Our core has juniper/asr9k, our PE router in question is 7600. All our traff