[j-nsp] ACL for lo0 template/example comprehensive list of 'things to think about'?
Antti Ristimäki
antti.ristimaki at csc.fi
Thu Jul 12 23:18:58 EDT 2018
Hi,
----- On 12 Jul, 2018, at 13:54, Saku Ytti saku at ytti.fi wrote:
> c) implement ddos-protection
> - configure _every_ protocol, set 10-100pps aggregate for
> protocols you don't know you need
> - disable sub detection, enable ifl detection
I can see the reasoning behind disabling sub detection, but how would you then protect e.g. in a peering VLAN a single peer from killing also all the other BGP sessions behind that specific ifl?
Antti
--
CSC - Tieteen tietotekniikan keskus Oy:n asiakas- seka sidosryhmarekisterien henkilotietojen kasittely kuvataan tietosuojaselosteissa:
https://www.csc.fi/tietosuoja
CSC - IT Center for Science Ltd processes customer and other stakeholder personal information in the following way:
https://www.csc.fi/privacy
More information about the juniper-nsp
mailing list