[j-nsp] Control Plane Protection

Tim Eberhard xmin0s at gmail.com
Tue Jan 27 17:53:34 EST 2009


There is an excellent book out that you should read. JUNOS Enterprise
Routing.

Here is what you're looking for:

http://books.google.com/books?id=UI2ZwjIgBwwC&pg=PA307&lpg=PA307&dq=control+plane+firewall+filters+junos&source=web&ots=oIrptUEjBt&sig=UeATL7Uf1NjUNBQYb3HRPe7HQr4&hl=en&sa=X&oi=book_result&resnum=1&ct=result

Good luck,
-Tim Eberhard

On Tue, Jan 27, 2009 at 4:40 PM, Andrew Jimmy <good1 at live.com> wrote:

>
>
> You are concerned about DoS attacks against a key perimeter router in your
> company. Configure router so that it limits the aggregate rate of ARP
> traffic toward the route processor to 75 packets per second. Routing
> control
> traffic marked with an IP Precedence value of 6 should be limited to 100
> packets per second. How do you do this in JUNOS?
>
>
>
> Here is the way you do on Cisco router:
>
>
>
> class-map match-all RP
> match ip precedence 6
> class-map match-all ARP
> match protocol arp
> !
> !
> policy-map CoPP
> class ARP
> police rate 75 pps
> class RP
> police rate 100 pps
> !
> control-plane
> !
> service-policy input CoPP
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list