[j-nsp] Massive ICMP test. Could it generate problems?
Gary Tate
gtate at juniper.net
Tue Dec 9 13:22:41 EST 2003
To be clear on this point:
Sourced from the RE pings are limited via queuing mechanisms on the
fxp1 connetion to the PFE
These packets have a lower priority than other control traffic and will
be dropped when necessary. It is advisable to limit them as per the
document I posted:
>>> http://www.juniper.net/solutions/literature/app_note/350013.pdf
As this will guard against incoming DOS attacks.
show pfe statistics ip icmp
This shows all icmp packet statistics for the PFE.
The pfe cpu complex limits icmp to 50pps per ifl and 500pps box wide
I hope this clears up any confusion
Gary
More information about the juniper-nsp
mailing list