Routing

 View Only
last person joined: yesterday 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  MS-MPC UDP Flood

    Posted 12-10-2024 11:46

    Hi.
    I was recently attacked with UDP flood 200-300kpps. And the card processors were loaded at 100%. Broadcasts were falling off. But it only happened for 2-4 seconds several times an hour. So I couldn't track it for a long time.

    When I identified the source of the attack, I blocked it with a firewall. But the attack can happen again from other addresses. So I want to ask how to better protect the card?

    Maybe:

    set interfaces ams0 services-options session-limit [maximum | rate] 

    But I can't decide on the value. And it's not clear from the documentation whether this applies to all cards on the ams0 interface or separately for each card/pic

    At peak times, I have about ~800k sessions across all cards.

    Thanks

    CPU at the time of attack