[j-nsp] ddos-protection
Richard A Steenbergen
ras at e-gerbil.net
Thu Jul 11 17:48:40 EDT 2013
Does anyone have any good documentation on exactly what types of packets
match each of the "ddos-protection protocols" out there?
For example, I was just helping someone who was getting a flood of
"sample:pfe" hits on an MX, and I noticed the documentation says exactly
nothing about it:
http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-ddos-protocols.html
sample - The following sample packet types are available:
pfe - Packet Forwarding Engine packets.
Now for this particular one it wasn't "too" hard to figure out that they
meant excessive sampled packets being punted from the pfe to the RE, in
this case from a firewall "then log" action. But, that's probably not
even close to obvious to the vast majority of people, and there are a
lot of other matches in here that aren't terribly self-explanitory
either. It also seems like there should be some overview documentation
explaining what the default rate-limits are for each type, but I'm not
finding it.
--
Richard A Steenbergen <ras at e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
More information about the juniper-nsp
mailing list