[j-nsp] MX480 RE-S-2000 IGMP flood
Chuck Anderson
cra at WPI.EDU
Fri Jan 31 10:08:46 EST 2014
On Thu, Jan 30, 2014 at 10:58:05PM -0800, joel jaeggli wrote:
> http://tools.ietf.org/search/rfc6192
>
> has an excellent example recipie for juniper and cisco control-plane
> protection.
>
> it's a good starting off point and it covers the rational behind the
> various elements in detail.
"o Permit all other IPv4 and IPv6 traffic that was not explicitly
matched in a class above, rate-limited to 500 kbps, and drop above
that rate for each category"
Why would one want a default-allow policy, even rate-limited, for the
control-plane?
More information about the juniper-nsp
mailing list