Junos OS


ddos-protection violation protocol sample

  • 1.  ddos-protection violation protocol sample

    Posted 05-29-2019 04:05

    Hello,

     

    What does the DDOS-PROTECTION sample, coming from pfe, mean when you aren't using sampling on any interface?

     

    admin@RT> show ddos-protection protocols violations
    Packet types: 219, Currently violated: 2

    Protocol    Packet      Bandwidth  Arrival    Peak       Policer bandwidth
    group       type        (pps)      rate(pps)  rate(pps)  violation detected at
    sample      aggregate   1000       71268      101310     2019-05-28 22:04:42 BRT
              Detected on: FPC-0
    sample      pfe         1000       71337      101209     2019-05-28 22:04:41 BRT
              Detected on: FPC-0

     

    admin@RT> show configuration | match sampl

    admin@RT>

     

    admin@RT> show pfe statistics notification | match sample

    Sample 35946049 35946049 0 0

     

    Any ideas?

     



  • 2.  RE: ddos-protection violation protocol sample

     
    Posted 05-29-2019 04:18

    Hi rganascim
    As per this link, https://www.juniper.net/documentation/en_US/junos/topics/reference/command-summary/show-pfe-statistics-notification.html, this is the number of notifications sampled (sample—"Number of notifications sampled."), as this command is related to information about Packet Forwarding Engine notification statistics.

     

    Thanks



  • 3.  RE: ddos-protection violation protocol sample

    Posted 05-29-2019 04:35

    Hello @asaleh,

     

    Thanks. But is this high volume targeting the threshold of ddos-protection all the time normal behavior?

     



  • 4.  RE: ddos-protection violation protocol sample

     
    Posted 05-29-2019 08:34

    Another application using sampling is port mirror. Do you have that?

    Usually these messages are not harmful. They just impact how much traffic is sent to your collection device. You can increase the sampling rate, but you don't have. For port mirror, turn it off if you are not actively collecting transit traffic.



  • 5.  RE: ddos-protection violation protocol sample

    Posted 05-29-2019 09:39

    There is no port mirror configured.

     

    Our scenario is a MX 104 with ~11k pppoe subscribers. Using LACP + dmux interfaces (some with dot1q and some with qinq).

     

     

     



  • 6.  RE: ddos-protection violation protocol sample
    Best Answer

     
    Posted 05-29-2019 10:20

    Do you have any firewall filter with a syslog/log action?



  • 7.  RE: ddos-protection violation protocol sample

    Posted 05-29-2019 12:12

    I disabled all the "log/syslog" action from firewall filters as you said, and the ddos-protection was clean. The problem is solved.

     

    Thanks @mhu !

     

    admin@RT> show ddos-protection protocols violations
    Packet types: 219, Currently violated: 0
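
Added example, not code from the thread or from Juniper: a Python script that finds the firewall filter terms carrying a `log` or `syslog` action in `show configuration | display set` output and extracts the `sample` rows from the violations output, the two things the fix in this thread ties together. The filter and term names in the sample configuration are constructed, and the `display set` line layout is assumed to be one statement per line.

```python
import re

# Constructed 'show configuration | display set' lines; filter/term names are hypothetical.
SAMPLE_CONFIG = """\
set firewall family inet filter PROTECT-RE term ssh then accept
set firewall family inet filter PROTECT-RE term deny-rest then log
set firewall family inet filter PROTECT-RE term deny-rest then syslog
set firewall filter SUBS-IN term count-all then count subs
set firewall filter SUBS-IN term count-all then log
set interfaces ae0 description "then log is not an action here"
"""

# Violation rows as posted in the thread.
SAMPLE_VIOLATIONS = """\
sample aggregate 1000 71268 101310 2019-05-28 22:04:42 BRT
Detected on: FPC-0
sample pfe 1000 71337 101209 2019-05-28 22:04:41 BRT
"""

# Matches only a term's terminating 'then log' / 'then syslog' statement.
TERM_ACTION = re.compile(
    r"^set firewall (?:family (?P<family>\S+) )?filter (?P<filter>\S+) "
    r"term (?P<term>\S+) then (?P<action>log|syslog)\s*$"
)

def logging_terms(display_set_text):
    """Return {(family, filter, term): {actions}} for terms with log/syslog actions."""
    found = {}
    for line in display_set_text.splitlines():
        m = TERM_ACTION.match(line.strip())
        if m:
            key = (m["family"] or "unspecified", m["filter"], m["term"])
            found.setdefault(key, set()).add(m["action"])
    return found

def sample_violations(violations_text):
    """Return [(packet_type, policer_pps, arrival_pps)] for the 'sample' protocol group."""
    rows = []
    for line in violations_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0] == "sample" and f[2].isdigit() and f[3].isdigit():
            rows.append((f[1], int(f[2]), int(f[3])))
    return rows

if __name__ == "__main__":
    for ptype, limit, rate in sample_violations(SAMPLE_VIOLATIONS):
        print(f"sample/{ptype}: arriving {rate} pps against a {limit} pps policer")
    for (family, flt, term), actions in sorted(logging_terms(SAMPLE_CONFIG).items()):
        print(f"family {family} filter {flt} term {term}: then {'/'.join(sorted(actions))}")
```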