[j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

Chris Morrow morrowc at ops-netman.net
Wed Dec 10 22:20:28 EST 2014 


On 12/10/2014 09:54 PM, Wojciech Janiszewski wrote:
> Hi,
> 
> Make sure that you have a "discard" next-hop instead of default "reject" in
> your aggregate routes.
> That should help.

ick, that ddos protection stuff in JunOS is broken...you should just
disable it:
system {
    ddos-protection {
        global {
            disable-routing-engine;
            disable-fpc;
            disable-logging;
        }
    }
}



> 2014-12-10 23:16 GMT+01:00 Brendan Mannella <bmannella at teraswitch.com>:
> 
>> Just wondering if anyone has ever seen these DDOS messages before and
>> what i should be looking at to resolve.
>>
>> Dec 10 11:10:24  re0.edge2 jddosd[2710]:
>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>> to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
>> EST to 2014-12-10 11:05:23 EST
>>
>> Dec 10 11:23:44  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>> Protocol Reject:aggregate is violated at fpc 1 for 932 times, started
>> at 2014-12-10 11:23:43 EST
>>
>> Dec 10 11:28:49  re0.edge2 jddosd[2710]:
>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>> to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43
>> EST to 2014-12-10 11:23:43 EST
>>
>> Dec 10 12:50:55  re0.edge2 xntpd[2681]: kernel time sync enabled 6001
>>
>> Dec 10 13:08:00  re0.edge2 xntpd[2681]: kernel time sync enabled 2001
>>
>> Dec 10 15:01:34  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>> Protocol Reject:aggregate is violated at fpc 1 for 933 times, started
>> at 2014-12-10 15:01:33 EST
>>
>> Dec 10 15:06:34  re0.edge2 jddosd[2710]:
>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>> to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33
>> EST to 2014-12-10 15:01:33 EST
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list