[j-nsp] DDOS and MX-240's
morrowc at ops-netman.net
Sun Jan 6 23:53:09 EST 2013
On 01/06/2013 11:14 PM, Richard Gross wrote:
> Dear List,
> I am seeking advise. If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?
you might be able to do this with routes... but, ouch... depending on
the RE you'll be straining the limits :(
> Would you null route? Put up multiple stanza firewall filters? Which
> way has the least amount of hit on router resources?
you might not want to put in 800k route entries in your config :) but
you could do it with simple bgp session to a quagga/etc box instead.
More information about the juniper-nsp