We have 20x EX4200 and we have in mind to use their sFlow to analyze DDoS attacks and traffic, so:
1. Do we have any limitations on EX4200 sFlow?
2. If we enable sFlow on our EX4200, when we receive DDoS attacks, will it affect the CPU or cause high CPU usage or an outage?
Would you help us with what the best sFlow config is (such as polling interval, ...) to detect DDoS attacks without causing high CPU usage?
We just need to enable sFlow on the uplinks of our switches.
To protect the RE/CPU, an RE Filter of some type is recommended to be set and associated with the Loopback address (Lo0). For Loopback setting info, look here - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-interface-config-loopback-interfaces.html
As for a generic RE Filter, suggest you look here to get started - https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-stateless-example-rate-limits-based-on-packets-per-second.html
This RE Filter is a good practice, no matter what the platform is, although most documentation will be targeted toward MX. There is no "one fits all" for this, but the doc should get you started and then it is just a matter of fine-tuning for your specific environment and needs or worries.