[j-nsp] Paid: need small M7i config snippet (policer)
Markus
universe at truemetal.org
Mon Apr 18 20:33:48 EDT 2011
Hi,
I have a M7i and some customers are attracting DDoS attacks (UDP packet
floods) causing some 100 Mbps switches in the LAN to sature and, in case
of large DDoSes, sometimes also the upstream links. This is not good. :)
Therefore I'd like to implement the following:
UDP throughput coming in from the internet to a specific local IP address
(or subnet) should never exceed 50 Mbps.
And to protect the RE: UDP throughput to the router itself should never
exceed n Mbps (what's a good value?).
I have no lab router to mess around with so I would like to request a
config snippet that just works. I'm offering money (PayPal, CC, wire) for
the person or company who is willing to do that.
You can get in touch with me off-list.
Thank you!
Markus
PS:
Item Version Part number Serial number Description
Chassis 36947 M7i
Midplane REV 04 710-008761 CK5276 M7i Midplane
Power Supply 0 Rev 05 740-008537 5218978 AC Power Supply
Power Supply 1 Rev 05 740-008537 5240260 AC Power Supply
Routing Engine REV 06 740-011202 1000691275 RE-850
CFEB REV 04 750-010463 CK3066 Internet
Processor II
FPC 0 E-FPC
PIC 0 REV 07 750-010238 CL0382 1x G/E SFP, 1000
BASE
SFP 0 REV 01 740-013111 51231147 SFP-T
FPC 1 E-FPC
PIC 2 BUILTIN BUILTIN 1x Tunnel
PIC 3 REV 06 750-009099 CK8663 1x G/E, 1000 BASE
SFP 0 REV 01 740-013111 51231161 SFP-T
--- JUNOS 8.0R2.8 built 2006-09-29 08:32:29 UTC
(Old, I know... )
More information about the juniper-nsp
mailing list