[j-nsp] ddos-protection

Richard A Steenbergen ras at e-gerbil.net
Thu Jul 11 17:48:40 EDT 2013


Does anyone have any good documentation on exactly what types of packets 
match each of the "ddos-protection protocols" out there? 

For example, I was just helping someone who was getting a flood of 
"sample:pfe" hits on an MX, and I noticed the documentation says exactly 
nothing about it:

http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-ddos-protocols.html

sample - The following sample packet types are available:
   pfe - Packet Forwarding Engine packets.

Now for this particular one it wasn't "too" hard to figure out that they 
meant excessive sampled packets being punted from the pfe to the RE, in 
this case from a firewall "then log" action. But, that's probably not 
even close to obvious to the vast majority of people, and there are a 
lot of other matches in here that aren't terribly self-explanatory 
either. It also seems like there should be some overview documentation 
explaining what the default rate-limits are for each type, but I'm not 
finding it.

-- 
Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)

