[c-nsp] BGP session going down during DDOS

redscorpion69 redscorpion69 at gmail.com
Thu Mar 6 13:07:15 EST 2014


Today we had a couple of dozen Gbps traffic to one of our customer.

At one point during attack, our PE router where the customer is attached
had a BGP session to one of our RR go down, only to go up after half a
minute.

Our core has juniper/asr9k, our PE router in question is 7600.

All our traffic is properly classified from RR to 7600 in both directions.
The CPU stayed fairly low on PE, so if traffic is properly classified, how
is it possible for router to drop BGP control plane?

If input queues are an issue, shouldn't default SPD configuration take care
of that on 7600?

How to make sure this doesn't happen again?

Regards


More information about the cisco-nsp mailing list