Hi.
I was recently attacked with UDP flood 200-300kpps. And the card processors were loaded at 100%. Broadcasts were falling off. But it only happened for 2-4 seconds several times an hour. So I couldn't track it for a long time.
When I identified the source of the attack, I blocked it with a firewall. But the attack can happen again from other addresses. So I want to ask how to better protect the card?
Maybe:
set interfaces ams0 services-options session-limit [maximum | rate]
But I can't decide on the value. And it's not clear from the documentation whether this applies to all cards on the ams0 interface or separately for each card/pic
At peak times, I have about ~800k sessions across all cards.
Thanks