[j-nsp] Control Plane Protection
Andrew Jimmy
good1 at live.com
Tue Jan 27 17:40:00 EST 2009
You are concerned about DoS attacks against a key perimeter router in your
company. Configure router so that it limits the aggregate rate of ARP
traffic toward the route processor to 75 packets per second. Routing control
traffic marked with an IP Precedence value of 6 should be limited to 100
packets per second. How do you do this in JUNOS?
Here is the way you do on Cisco router:
class-map match-all RP
match ip precedence 6
class-map match-all ARP
match protocol arp
!
!
policy-map CoPP
class ARP
police rate 75 pps
class RP
police rate 100 pps
!
control-plane
!
service-policy input CoPP
More information about the juniper-nsp
mailing list