[j-nsp] essential network rate limiting and ddos mitigation
mike+jnsp at willitsonline.com
mike+jnsp at willitsonline.com
Fri Jun 22 08:12:23 EDT 2018
Hello,
I am very new to juniper, please pardon my ignorance.
I have an MX240, and I have a 10G link to my upstream. I have
several other links facing my customers and hosting infrastructure which
all run at something decidedly less than 10G. Im interested in
implementing some network rate limit controls so that certain common
attacks like dns / ldap / memcache reflection can be rate limited down
to reasonable levels and avoid trying to forward a 4gbps stream down a
100mbps pipe. I know I want a layered system of policies and that I want
to include perhaps sampling and such with jflow or other tools and rtbh,
but for right now having even just basic limits on known reflection
attack protocols would be a huge step forward.
I was wondering what the 'quick and dirty' setup of rate limiting
the forwarding of certain protocols and to certain destination networks
/ interfaces would look like on this platform. Some basic config
snippets would be a huge help.
Thank you.
Mike-
More information about the juniper-nsp
mailing list