[j-nsp] DDOS and MX-240's

Joel jaeggli joelja at bogus.com
Mon Jan 7 00:22:44 EST 2013

On 1/6/13 20:14 , Richard Gross wrote:
> Dear List,
> I am seeking advise.  If you wanted to block 800K /32's from your inbound
> pipes, how would you do it?
> Would you null route?   Put up multiple stanza firewall filters?   Which
> way has the least amount of hit on router resources?

so I'd have a discard route, and I'd inject the prefixes from another
box probably quagga with a nexthop of the discard route. I'd expect an
re2000 to injest those routes in about 2 minutes

I probably wouldn't use flowspec for this at this point.

> If you would prefer to reply off-list, that would be super.
> richg
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list