January 2019 17:59
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] rate limiting per-user prefix lists
On 1/9/19 6:14 AM, Niall Donaghy wrote:
> Hi Mike,
>
> I can give you a few hints:
>
> DPCE will perform poorly, depending on how many policers you
> instantiate.
>
On 1/9/19 6:14 AM, Niall Donaghy wrote:
> Hi Mike,
>
> I can give you a few hints:
>
> DPCE will perform poorly, depending on how many policers you
> instantiate.
> (hint: 10K will kill it, and hint: policers will not be accurate).
> MPCs will perform better but don't burden more
On 1/9/19 7:37 AM, Alexander Arseniev via juniper-nsp wrote:
> Hello,
>
> Well, the prefix-action policers would likely relieve congestion on
> Your backhaul MW links but the 100Mbps "last mile" will still be
> congested, with a mix of good and bad packets.
>
> And I would say more bad than good
Hello,
Well, the prefix-action policers would likely relieve congestion on Your
backhaul MW links but the 100Mbps "last mile" will still be congested,
with a mix of good and bad packets.
And I would say more bad than good because good traffic (mainly HTTPS
nowadays) will do TCP backoff at
: 08 January 2019 18:58
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] rate limiting per-user prefix lists
Hi,
My platform is Juniper mx240 running 15.1R6.7 and I'm interested in using
prefix-action to establish rate limits per user in my network.
DDOS attacks targeting single users
Hi,
My platform is Juniper mx240 running 15.1R6.7 and I'm interested in
using prefix-action to establish rate limits per user in my network.
DDOS attacks targeting single users on my network can frequently
affect many users who happen to share the same backhaul connectivity
such as to
6 matches
Mail list logo
