Hi Karl,

DDOS subsystem applies only to the traffic destined to the host (router
itself) and not transit traffic.

When you announce that /18, have you got all destinations of that /18
reachable by the router? Have you got a default route?

The graceful way to handle those messages is to figure out what is causing
them, I presume.

I'd start figuring out what's going on by answering the above questions
and looking at the outputs below:

    show ddos-protection protocols resolve statistics brief
    show ddos-protection protocols violations

I'm sure if you google this topic you may find a lot of information as well.

On 21-Nov-17 12:01, Karl Gerhard wrote:
Hello

our syslog is getting spammed with the following messages:

jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times
jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times

What is puzzling is that there is barely any traffic going through that machine
(like 5 MBit/s). It seems like those messages are being triggered by random
noise from the internet just by announcing a single /18.

Is that normal? Is there a way to gracefully handle those messages (i.e. save
them into another file) without losing important information?

Regards
Karl
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
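
A small triage script for the two jddosd messages quoted in the thread, as an added example that is not part of the original messages: it separates the violation messages from the rest of a log and summarises them per protocol and FPC. The timestamps, the hostname `r1`, the sshd line and the 1390 counter in the sample are constructed.

```python
import re
from collections import defaultdict

# Matches the two jddosd message shapes quoted in the thread (SET and CLEAR).
VIOLATION = re.compile(
    r"DDOS_PROTOCOL_VIOLATION_(?P<state>SET|CLEAR): Protocol\s+"
    r"(?P<proto>\S+)\s.*?[Vv]iolated at fpc (?P<fpc>\d+) for (?P<count>\d+) times"
)

def triage(lines):
    """Split syslog lines into (summary, other_lines).

    summary maps (protocol, fpc) to the number of SET events, the last
    reported violation counter, and whether a SET is still without a CLEAR.
    """
    summary = defaultdict(lambda: {"sets": 0, "last_count": 0, "active": False})
    other = []
    for line in lines:
        m = VIOLATION.search(line)
        if not m:
            other.append(line)  # unrelated messages are kept, not dropped
            continue
        entry = summary[(m["proto"], int(m["fpc"]))]
        entry["last_count"] = int(m["count"])
        if m["state"] == "SET":
            entry["sets"] += 1
            entry["active"] = True
        else:
            entry["active"] = False
    return dict(summary), other

# Constructed sample: message bodies follow the thread, everything else is made up.
SAMPLE = [
    "Nov 21 11:58:02 r1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: "
    "Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times",
    "Nov 21 11:58:40 r1 sshd[4211]: Accepted publickey for admin",
    "Nov 21 12:03:05 r1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: "
    "Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times",
    "Nov 21 12:10:17 r1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: "
    "Protocol resolve:ucast-v4 is violated at fpc 11 for 1390 times",
]

if __name__ == "__main__":
    summary, other = triage(SAMPLE)
    for (proto, fpc), info in sorted(summary.items()):
        print(proto, "fpc", fpc, info)
    print(len(other), "unrelated line(s) kept")
```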