[j-nsp] rate limiting per-user prefix lists

mike+jnsp at willitsonline.com mike+jnsp at willitsonline.com
Mon Jan 14 12:51:55 EST 2019

On 1/9/19 7:37 AM, Alexander Arseniev via juniper-nsp wrote:
> Hello,
> Well, the prefix-action policers would likely relieve congestion on
> Your backhaul MW links but the 100Mbps "last mile" will still be
> congested, with a mix of good and bad packets.
> And I would say more bad than good because good traffic (mainly HTTPS
> nowadays) will do TCP backoff at the early stage of congestion and bad
> packets (i.e. UDP flood) will fill the void in the 100Mbps policer
> buckets.
> Have a look at the latest Juniper-Correro DDOS solution that detects
> the attack, finds the packet "fingerprint" & then drops only bad
> packets, and it's all automated
> https://www.corero.com/resources/data-sheets/juniper-networks-solution-brief/
> HTH 

Thank you for the feedback.

The Correro solution was quoted to me as $50k to protect (1) 10gbps
link, which I think it completely silly.


More information about the juniper-nsp mailing list