[j-nsp] DDOS_PROTOCOL_VIOLATION_SET: Protocol Reject:aggregate

Giuliano (WZTECH) giuliano at wztech.com.br
Wed Dec 10 23:21:23 EST 2014


Chris,

Is the best option to disable the feature?

And what about configuring it?

If you have a protect-re firewall filter applied on the loopback... can this be done?

Is it safe?

Are there any documents from Juniper showing the best way?

And what about disabling the process?

Thanks a lot




> On Dec 11, 2014, at 01:20, Chris Morrow <morrowc at ops-netman.net> wrote:
> 
> 
> 
>> On 12/10/2014 09:54 PM, Wojciech Janiszewski wrote:
>> Hi,
>> 
>> Make sure that you have a "discard" next-hop instead of default "reject" in
>> your aggregate routes.
>> That should help.
> 
> ick, that ddos protection stuff in JunOS is broken...you should just
> disable it:
> system {
>    ddos-protection {
>        global {
>            disable-routing-engine;
>            disable-fpc;
>            disable-logging;
>        }
>    }
> }
> 
> 
> 
>> 2014-12-10 23:16 GMT+01:00 Brendan Mannella <bmannella at teraswitch.com>:
>> 
>>> Just wondering if anyone has ever seen these DDOS messages before and
>>> what I should be looking at to resolve.
>>> 
>>> Dec 10 11:10:24  re0.edge2 jddosd[2710]:
>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>> to normal. Violated at fpc 1 for 931 times, from 2014-12-10 11:05:23
>>> EST to 2014-12-10 11:05:23 EST
>>> 
>>> Dec 10 11:23:44  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>>> Protocol Reject:aggregate is violated at fpc 1 for 932 times, started
>>> at 2014-12-10 11:23:43 EST
>>> 
>>> Dec 10 11:28:49  re0.edge2 jddosd[2710]:
>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>> to normal. Violated at fpc 1 for 932 times, from 2014-12-10 11:23:43
>>> EST to 2014-12-10 11:23:43 EST
>>> 
>>> Dec 10 12:50:55  re0.edge2 xntpd[2681]: kernel time sync enabled 6001
>>> 
>>> Dec 10 13:08:00  re0.edge2 xntpd[2681]: kernel time sync enabled 2001
>>> 
>>> Dec 10 15:01:34  re0.edge2 jddosd[2710]: DDOS_PROTOCOL_VIOLATION_SET:
>>> Protocol Reject:aggregate is violated at fpc 1 for 933 times, started
>>> at 2014-12-10 15:01:33 EST
>>> 
>>> Dec 10 15:06:34  re0.edge2 jddosd[2710]:
>>> DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol Reject:aggregate has returned
>>> to normal. Violated at fpc 1 for 933 times, from 2014-12-10 15:01:33
>>> EST to 2014-12-10 15:01:33 EST
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp


