[j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

Wojciech Janiszewski wojciech.janiszewski at gmail.com
Wed Dec 10 22:22:14 EST 2014 

Hi Rodrigo,

It is as simple as "set routing-options aggregate route <destination>
discard"

Regards,
Wojciech

2014-12-11 4:22 GMT+01:00 Rodrigo 1telecom <rodrigo at 1telecom.com.br>:

> Can you put an exame of this configuration Janiszewski?!
>
>
> Enviado via iPhone 
> Grupo Connectoway
>
> > Em 10/12/2014, às 23:54, Wojciech Janiszewski <
> wojciech.janiszewski at gmail.com> escreveu:
> >
> > Hi,
> >
> > Make sure that you have a "discard" next-hop instead of default "reject"
> in
> > your aggregate routes.
> > That should help.
> >
> > Regards,
> > Wojciech
> >
> > 2014-12-10 23:16 GMT+01:00 Brendan Mannella <bmannella at teraswitch.com>:
> >
> >> Just wondering if anyone has ever seen these DDOS messages before and
> >> what i should be looking at to resolve.
> >>
> >> Dec 10 11:10:24  re0.edge2 jddosd[2710]:
> >> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
> >> to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
> >> EST to 2014-12-10 11:05:23 EST
> >>
> >> Dec 10 11:23:44  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
> >> Protocol Reject:aggregate is violated at fpc 1 for 932 times, started
> >> at 2014-12-10 11:23:43 EST
> >>
> >> Dec 10 11:28:49  re0.edge2 jddosd[2710]:
> >> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
> >> to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43
> >> EST to 2014-12-10 11:23:43 EST
> >>
> >> Dec 10 12:50:55  re0.edge2 xntpd[2681]: kernel time sync enabled 6001
> >>
> >> Dec 10 13:08:00  re0.edge2 xntpd[2681]: kernel time sync enabled 2001
> >>
> >> Dec 10 15:01:34  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
> >> Protocol Reject:aggregate is violated at fpc 1 for 933 times, started
> >> at 2014-12-10 15:01:33 EST
> >>
> >> Dec 10 15:06:34  re0.edge2 jddosd[2710]:
> >> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
> >> to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33
> >> EST to 2014-12-10 15:01:33 EST
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list