Hello,
Trio DDOS employs a hierarchy/chain of policers. Assuming flow detection
is at default (and default==not configured), the first policer in a
chain would be the FPC aggregate one, and it is 20Kpps by default.
Your 188K offered BGP traffic is therefore rate-limited OUT OF FPC to
20Kpps.
I assume you'd see BGP down on the first example as well, just lower
probability to see down event.
Out of box ddos-protection isn't doing much useful, you need to
configure every protocol.
http://blog.ip.fi/2014/03/quick-look-at-trio-ddos-protection-with.html
may give some ideas how to start
On
> On Jan 4, 2019, at 3:06 PM, Jason Lixfeld wrote:
>
> Hi,
>
> Before I go too far down the rabbit hole of looking into the DDoS Protection
> parent feature on MX, does anyone know if it’s supported on MX204?
So it’s a shallow rabbit hole; it’s enabled by default and after poking around
wit
Hi,
Before I go too far down the rabbit hole of looking into the DDoS Protection
parent feature on MX, does anyone know if it’s supported on MX204?
It’s not specifically listed as a supported platform here:
https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-d
4 matches
Mail list logo
