[j-nsp] DDOS and MX-240's

Chris Morrow morrowc at ops-netman.net
Sun Jan 6 23:53:09 EST 2013



On 01/06/2013 11:14 PM, Richard Gross wrote:
> Dear List,
> 
> I am seeking advise.  If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?

you might be able to do this with routes... but, ouch... depending on
the RE you'll be straining the limits :(

> Would you null route?   Put up multiple stanza firewall filters?   Which
> way has the least amount of hit on router resources?

you might not want to put in 800k route entries in your config :) but
you could do it with simple bgp session to a quagga/etc box instead.

-chris


More information about the juniper-nsp mailing list