Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-11 Thread Saku Ytti
Hey, >> b) LPTS only has 'aggregate' (NPU) level policing, ddos-protection has >> aggregate => ifd => ifl => sub > I don't really see a need for hierarchical policers and besides the uKernel > and RE policers are SW, only the LU has HW policer. It's not really hierarchical, same packet can't hit

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-11 Thread adamv0025
> Saku Ytti [mailto:s...@ytti.fi] > Sent: Monday, April 10, 2017 11:37 PM > > Some problems with LPTS > > a) LPTS punted packets are not subject to MQC, so you cannot use interface > policers to limit say ICMP, BGP etc Yeah this is a huge mess up, taking the control away and not providing sa

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Saku Ytti
On 11 April 2017 at 00:42, wrote: > Nope ASR9k is using LPTS to cya :) Some problems with LPTS a) LPTS punted packets are not subject to MQC, so you cannot use interface policers to limit say ICMP, BGP etc b) LPTS only has 'aggregate' (NPU) level policing, ddos-protection has aggregate =>

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread adamv0025
> Aaron Gould > Sent: Monday, April 10, 2017 5:12 PM > > Junos ddos protect capabilities are new to me. I was pleasantly surprised to > learn about ddos protection in Junos and that it seems to be built-in to Junos > with Trio chip capabilities (like ACX5048 Broadcom-based doesn't seem to > suppo

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Aaron Gould
Junos ddos protect capabilities are new to me. I was pleasantly surprised to learn about ddos protection in Junos and that it seems to be built-in to Junos with Trio chip capabilities (like ACX5048 Broadcom-based doesn't seem to support ddos protect). In comparison to Cisco IOS-XR ASR9000, I'm pr

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Saku Ytti
On 10 April 2017 at 09:49, Mark Tees wrote: Hey, > Ytti will probably pop up and comment on this but we have As summoned. > flow-detection configured under global for ddos-protection which > create flows then actions when under DDOS like conditions rather than > hitting static policers. Only a

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread adamv0025
> James Jun > Sent: Monday, April 10, 2017 7:17 AM > > Hello Folks, > > We had a strange DoS attack against a customer attached to an MX104 router > that caused the device to completely stop forwarding all legitimate traffic > (routing protocols both igp and bgp timed out across all adjacencies a

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-10 Thread Cahit Eyügünlü
timeouts. You've effectively DoSed yourself with the >ARP requests I think. :) > >Kind regards, >Felix > > >From: juniper-nsp on behalf of Mark Tees > >Sent: Monday, April 10, 2017 8:49 AM >To: Cahit Eyügünlü >Cc: j

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-09 Thread Mark Tees
From memory when I last tested this the default settings were pretty bad when under DOS conditions (IGP,BGP going down due to packets being dropped). Ytti will probably pop up and comment on this but we have flow-detection configured under global for ddos-protection which create flows then actions

Re: [j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-09 Thread Cahit Eyügünlü
We are facing the exact same thing with mx80 Sent from my iPhone James Jun wrote (10 Apr 2017 09:14): > Hello Folks, > > We had a strange DoS attack against a customer attached to an MX104 router > that caused the device to > completely stop forwarding all legitimate traffic (routi

[j-nsp] ddos protocol protection - IPv4-unclassified

2017-04-09 Thread James Jun
Hello Folks, We had a strange DoS attack against a customer attached to an MX104 router that caused the device to completely stop forwarding all legitimate traffic (routing protocols both igp and bgp timed out across all adjacencies and sessions). The attack traffic was roughly 5.9 Gbps and it