I have some QFX5110 which are pushing quite a bit of public traffic. As it's general public traffic you see quite a few ttl's on the unit. As traffic has increased this has increased the amount of times the DDOS protection is triggered. This would be fine but an adverse affect of this is it also triggers our monitoring tool as it stops the pings from that.
It's been on it's default level of 50 pps out of the box. I'm wondering if anyone has experience of increasing this and any adverse affects?
I'm thinking of just increasing it to 500 to see if that stops the DDOS protection and thus stops our SNMP monitoring from thinking the device has dropped due to pings no longer responding.
I know I can just increase wit with 'set system ddos-protection protocols ttl aggregate bandwidth 500' and it looks like you can increase it to 100000 so I figured '500' isn't so bad.
Alternatively is there a way for the DDOS protection to ignore the IP we are using for monitoring?
thanks!