[j-nsp] EX3400 DDOS protection strangeness

Jason Healy jhealy at logn.net
Wed Sep 24 12:01:37 EDT 2025


On Sep 24, 2025, at 2:44 AM, Saku Ytti <saku at ytti.fi> wrote:
> 
> I want to add clarity here. You are of course punting frames on all
> VLANs. As this is not IP only, this is also L2.

But only where an IRB is present, yes?  Example: I have VLANs 10,20,30,40 on the switch, but only irb.10 exists with an L3 interface.  I don't have to worry about ARP or other protocols on VLANs 20, 30, 40 because those are forwarded on the data plane only, correct?

Either way, I've taken several packet captures on the IRB and uplinks to this switch, and there are no traffic bursts that correlate to the DDOS messages (irb never goes above 50pps).  Meanwhile, the uplink captures also show no OSPF/VC/etc traffic whatsoever, and those have increasing ddos counters, so I suspect something is flaky on the hardware.  Unless I see this on other switches, I'm going to pop this one out and see if that resolves the issue.

Thanks,

Jason

