Most likely spoofed traffic or you don't have full tables or a default route. A /18 will pull a lot of unwanted traffic.
The DDoS protection factory defaults are very low in some cases. The Juniper MX Series book has a nice chapter on that.

On Tue, 21 Nov 2017 at 09:02 Karl Gerhard <[email protected]> wrote:

> Hello
>
> our syslog is getting spammed with the following messages:
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times
> jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1389 times
>
> What is puzzling is that there is barely any traffic going through that
> machine (like 5 MBit/s). It seems like those messages are being triggered
> by random noise from the internet just by announcing a single /18.
>
> Is that normal? Is there a way to gracefully handle those messages (i.e.
> save them into another file) without losing important information?
>
> Regards
> Karl
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
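One way to handle these messages off-box, as an added example that is not part of the original thread: a Python filter that separates the jddosd violation lines from the rest of a syslog stream and summarizes them per protocol and FPC. The message format is taken from the two lines quoted above; the hostname `mx1`, the timestamps and the `rpd` line are constructed sample data.

```python
import re
from collections import defaultdict

# Matches the two jddosd message shapes quoted in the thread (SET and CLEAR).
DDOS_RE = re.compile(
    r"jddosd\[\d+\]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_(?P<event>SET|CLEAR): "
    r"Protocol (?P<proto>\S+) "
    r"(?:is violated|has returned to normal\. Violated) "
    r"at fpc (?P<fpc>\d+) for (?P<count>\d+) times"
)

# Constructed sample input: hostname, timestamps and the rpd line are made up.
SAMPLE_LINES = [
    "Nov 21 08:40:01 mx1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: "
    "Protocol resolve:ucast-v4 is violated at fpc 11 for 1388 times",
    "Nov 21 08:45:03 mx1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_CLEAR: "
    "Protocol resolve:ucast-v4 has returned to normal. Violated at fpc 11 for 1388 times",
    "Nov 21 08:50:10 mx1 rpd[1900]: constructed non-DDoS line that stays in the main log",
    "Nov 21 08:52:44 mx1 jddosd[12168]: %DAEMON-4-DDOS_PROTOCOL_VIOLATION_SET: "
    "Protocol resolve:ucast-v4 is violated at fpc 11 for 1389 times",
]

def split_lines(lines):
    """Return (parsed DDoS events, untouched other lines) so nothing is dropped."""
    events, other = [], []
    for line in lines:
        m = DDOS_RE.search(line)
        if m:
            events.append({"event": m["event"], "proto": m["proto"],
                           "fpc": int(m["fpc"]), "count": int(m["count"])})
        else:
            other.append(line)
    return events, other

def summarize(events):
    """Per (protocol, fpc): SET/CLEAR totals, highest counter seen, current state."""
    summary = defaultdict(lambda: {"set": 0, "clear": 0, "last_count": 0, "active": False})
    for ev in events:
        s = summary[(ev["proto"], ev["fpc"])]
        s[ev["event"].lower()] += 1
        s["last_count"] = max(s["last_count"], ev["count"])
        s["active"] = ev["event"] == "SET"  # a violation with no later CLEAR is ongoing
    return dict(summary)

if __name__ == "__main__":
    events, other = split_lines(SAMPLE_LINES)
    for key, stats in summarize(events).items():
        print(key, stats)
    print(len(other), "non-DDoS line(s) left for the main log")
```

A key whose `active` flag stays true has a SET with no matching CLEAR, which is the case worth alerting on rather than the routine SET/CLEAR pairs.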

