[j-nsp] edge acl and interface utilization
tim tiriche
tim.tiriche at gmail.com
Wed Feb 3 11:55:05 EST 2016
Hi,
I have a silly question.
If I have a 10G interface with an inbound ACL to drop UDP/80,
and I have 30G of incoming traffic (25G of UDP/80 (bad) + 5G of
TCP/80 (good)),
will the 5G be processed fine during this time?
2nd question:
Are there any ACL recommendations to filter DNS amplification/reflex attacks?
Is there a signature I can use? With DNSSEC, I cannot filter fragments or
UDP > 512 bytes.
Any ACL recommendations would be helpful, especially around (IP options,
certain TCP flags, UDP flood).
Do folks implement any sort of QoS on the edge for floods?
-Tim