[j-nsp] Syslog getting spammed by DDOS_PROTOCOL_VIOLATION_SET
Timur Maryin
timamaryin at mail.ru
Tue Nov 21 07:10:08 EST 2017
Hi Karl,
The DDOS subsystem applies only to the traffic destined to the host (router
itself) and not transit traffic.
When you announce that /18, have you got all destinations of that /18
reachable by the router? Have you got a default route?
The graceful way to handle those messages is to figure out what is causing
them, I presume.
I'd start figuring out what's going on by answering the above questions
and looking at the outputs below:
show ddos-protection protocols resolve statistics brief
show ddos-protection protocols violations
I'm sure if you google this topic you may find a lot of information as well.
On 21-Nov-17 12:01, Karl Gerhard wrote:
> Hello
>
> our syslog is getting spammed with the following messages:
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times
>
> What is puzzling is that there is barely any traffic going through that machine (like 5 MBit/s). It seems like those messages are being triggered by random noise from the internet just by announcing a single /18.
>
> Is that normal? Is there a way to gracefully handle those messages (i.e. save them into another file) without losing important information?
>
> Regards
> Karl
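
On the question of saving these messages elsewhere without losing information, an added example (not from either poster and not Juniper code): a Python script that splits the jddosd violation events out of a syslog stream and summarizes them per protocol and FPC. The function names and the last two sample lines are constructed; the first two sample lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Matches the two jddosd message shapes quoted in the thread.
EVENT_RE = re.compile(
    r"DDOS_PROTOCOL_VIOLATION_(?P<kind>SET|CLEAR): Protocol (?P<proto>\S+) "
    r"(?:is violated|has returned to normal\. Violated) "
    r"at fpc (?P<fpc>\d+) for (?P<count>\d+) times"
)

SAMPLE_LOG = [
    "jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times",
    "jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times",
    # The two lines below are constructed for this example.
    "jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1390 times",
    "sshd[4021]: constructed unrelated line that must stay in the main log",
]

def split_log(lines):
    """Separate violation events from everything else; no line is dropped."""
    ddos, other = [], []
    for line in lines:
        (ddos if EVENT_RE.search(line) else other).append(line)
    return ddos, other

def summarize(lines):
    """Return {(protocol, fpc): stats} built from SET/CLEAR events."""
    stats = defaultdict(
        lambda: {"set": 0, "clear": 0, "violations": 0, "active": False}
    )
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        entry = stats[(m["proto"], int(m["fpc"]))]
        entry["set" if m["kind"] == "SET" else "clear"] += 1
        # Assumption: N in "for N times" only grows, so keep the highest seen.
        entry["violations"] = max(entry["violations"], int(m["count"]))
        # A SET with no later CLEAR means the protocol is still in violation.
        entry["active"] = m["kind"] == "SET"
    return dict(stats)

if __name__ == "__main__":
    ddos_lines, other_lines = split_log(SAMPLE_LOG)
    for (proto, fpc), s in summarize(ddos_lines).items():
        print(f"{proto} fpc {fpc}: {s}")
    print(f"{len(other_lines)} non-DDOS line(s) left for the main log")
```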