[j-nsp] Bgp peer sessions flap in 165k-245k pps/sec DoS

Nilesh Khambal nkhambal at juniper.net
Sun Feb 15 03:37:56 EST 2009


Hi Samit,

Do you have the output of "show pfe statistics traffic" from this
router?

What was the type of DoS attack traffic? Was it directed to any of
the interfaces on the router? Did you have any filter applied to the
loopback interface to drop such traffic? If yes, did any of the
filters that were applied to the interface and matched the DoS traffic
have a reject action in them? Is any syslogging enabled in any of the
filter terms that were matching the attack traffic?

Also, I would recommend involving JTAC during such incidents in the
future. They can help you figure out the problem.

Thanks,
Nilesh


On Feb 14, 2009, at 11:19 PM, "Samit" <janasamit at wlink.com.np> wrote:

> Hi,
>
> Today early in the morning around 4am we had a UDP-based DoS from the
> Internet destined to one of my customer networks for about over 1.5hr.
> The pps rate was from 165k to 245k peak and at the rate of around
> 90Mbps as per the MRTG graphs. I don't have any QoS running, but I
> noticed later that all BGP peer sessions flapped during that period
> though I have plenty of capacity in my upstream as well as in
> downstream links, therefore I wouldn't say the M7i fully survived and
> handled it. M7i is capable of forwarding 16 million pps and
> additionally I have plenty of free bandwidth available, so there
> should not be any interface buffer exhaustion or link saturation.
> Therefore, I failed to understand the reason for the BGP flaps. Can
> anyone help me understand?
>
>
> Regards,
> Samit

