Heh,
That makes sense. So in QFX5k 'VXLAN' classifier can contain anything
inside the VXLAN, like ARP? Instead of it being classified ARP, they
all share VXLAN classifier?
So this could also be VXLAN TTL exceeded? Which would happen every
time you have some kind of convergence event, and you'll

Hi John
The default DDoS values on QFX5k for EVPN-VXLAN are way too low.
I recommend these values + very tight storm-control on each applicable port.
RSVP and LDP are not used but share the same queue as BGP so you will see
strange triggers if you omit these.
set system ddos-protection protocols

The 'max arrival rate' is pre-policer, not the admitted rate.
I don't use VXLAN, and I can't begin to guess what VXLAN traffic needs
to punt. But this is not your transit VXLAN traffic. This is some
VXLAN traffic that the platform thought it needed to process in the
software.
I would personally

Hi Johan
I experienced a similar issue in my evpn-vxlan environment on QFX5120-48y
switches. The DDOS alert occurred whenever a large number of VM migrations
occurred simultaneously in my environment, sometimes there were 20 VMs in
simultaneous migration and the DDOS alarmed.
To solve this, I

Hi!
The leaf switches are QFX5k and it seems to be lacking some of the commands
you mentioned. We don't have any problem with bgp sessions going down, the
impact is only the payload inside vxlan.
Protocol Group: VXLAN
Packet type: aggregate (Aggregate for vxlan control packets)
Aggregate

Hey,
Before any potential trashing, I'd like to say that as far as I am
aware Juniper (MX) is the only platform on the market which isn't
trivial to DoS off the network, despite any protection users may have
tried to configure.
> How do you identify the source problem of DDOS violations that

Hi!
How do you identify the source problem of DDOS violations that junos logs
for QFX? For example what interface that is causing the problem?
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception VXLAN:aggregate exceeded its allowed bandwidth at fpc 0
for 30 times,