I am currently reviewing the following documentation with regard to protecting our network and subscribers from DDoS attacks:
What I would like to know is what the recommended rates would be on 10g links please?
To get to the answer I require, would the following sound plausible:
1024 bytes in 1kb
1024 kb in 1mb
1024 mb in 1gb
so, 1024 x 1024 x 1024 x 10 / 1500 (Ethernet packet)
Gives me 7,158,278. Does this sound right for a PPS throughput on a 10g link? Sounds a little high to me.
Ignore. It looks like it will be a test and see scenario. Thanks.
DDoS for subscribers depends on the type of access mode that the B-RAS (as edge) is deployed into. If it's an open network (like airports/malls, etc.), or if the access network is multiplexed from many sub-providers, the DDoS for subscribers is tuned to an aggressive value.
If the access side of your network is well protected with border/edge firewalls (and where the B-RAS is deployed for home/office/residence broadband subscribers), you should stick with the default DDoS settings, which pretty much do the job: they rate-limit/police high incoming flows when they hit the default peak rate for a given protocol (in DDoS). Also, on top of DDoS, from JUNOS 15.1 onwards, we have another lightweight protection function called ERA (Event Rate Analyzer), which is turned ON by default, giving enough protection against high incoming frames. For more on what ERA is or does, check my post here: https://forums.juniper.net/t5/Junos/jdhcpd-era-discover-log-what-is-it-for/m-p/323735#M12783
And of course, if at any point the operator suspects control packet drops or high inflow taking CPU resources due to a possible DDoS, you can tune DDoS for the given protocol based on the active pps inflow.