Hi Alexandre,
The detection system throws for example port 123 and port 0 rules at the
same time.
But I got the logic but for example on our flow monitoring system we got
30Gbps of udp flood towards a customer, 25Gbps are from source port 123 and
5gbps are from port 0.
What we get here is
Weird, show route flow validation detail came out empty.
But on PFE looks like rules are been accepted.
But when DDoS traffic comes with high volume, all of them are forwarded to
customers instead of being dropped at the edge..
{master}
gustavo@MX10K3> show route flow validation detail
inet.0:
On Sat, Sep 17, 2022 at 11:41:58AM -0300, Gustavo Santos via juniper-nsp wrote:
> Hi Saku,
>
> PS: Real ASN was changed to 65000 on the configuration snippet.
>
>
>
> show route table inetflow.0 extensive
>
> 1x8.2x8.84.34,*,proto=17,port=0/term:7 (1 entry, 1 announced)
port=0 seems to be
It's in the HRTimers code which is very interesting. seems to have started when
I rolled back which IPs were primary on an IRB for my local DHCP pool.
Interfaces have VRRP on them and it wasn't happy at all.
Seems specific to 5100.
Very odd.
Sent via RFC1925 compliant device
> On Sep 18,
Le dim. 18 sept. 2022 à 07:08, Chuck Anderson via juniper-nsp
a écrit :
>
> On Sat, Sep 17, 2022 at 06:21:51PM -0400, Jared Mauch via juniper-nsp wrote:
> > Anyone else see their RPD start to core today? Seeing something weird,
> > unclear if it’s local to my network or otherwise but two
Actually I think I'm confused, I'm just not accustomed to seeing other
than 0:0 as rate, but it may be thaat the first 0 doesn't matter.
I would verify 'show route flow validation detail' as well as verify
presence of policers if any (in PFE 'show filter counters').
I'd also look at the filter
Are you exceeding the configured rate for the policer? Did you expect
to drop at any rate? The rule sets a non-0 policing rate.
On Sat, 17 Sept 2022 at 17:42, Gustavo Santos wrote:
>
> Hi Saku,
>
> PS: Real ASN was changed to 65000 on the configuration snippet.
>
>
>
> show route table
7 matches
Mail list logo
