■ Protocol drop probability for suspicious packets enables you to map a protocol
to a specific drop probability. The drop probability is the percentage probability
that a suspicious packet is dropped.
■ Protocol skip priority rate limiter enables you to configure the system so that
the specified protocol is not subject to the priority rate limiter for the priority
and DoS protection group selected. The default is off—the protocol is subject to
priority rate limiting.
■ Priority rate sets the rate of the priority in packets per second for the line module.
If this rate is exceeded, it triggers DoS suspicious control flow detection.
■ Priority burst enables you to set the number of packets allowed to exceed the
maximum rate before packets are dropped and DoS suspicious control flow
detection is triggered.
■ Priority oversubscription enables you to set an oversubscription factor for the
priority rate limiter. In addition to the priority rate, it calculates the minimum
rate limits for protocols with a priority grouping and allows for oversubscription
of the priority rate. The value indicates a percentage that the priority rate limiter
is allowed to be oversubscribed, in the range 100–1000.
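
An added illustration, not taken from the JUNOSe guide or from Juniper code: a simplified Python model of how the priority rate, priority burst, skip setting, and per-protocol drop probability described above interact. The token bucket, the `PriorityLimiter` class, the default of 100 for unmapped protocols, and the sample traffic are assumptions; oversubscription is not modelled.

```python
# Added illustration: a simplified model, NOT JUNOSe's actual algorithm.
import random
from collections import Counter

class PriorityLimiter:
    """Token-bucket model (an assumption) of one priority in a DoS protection group."""

    def __init__(self, rate_pps, burst, drop_pct, skip=(), seed=0):
        self.rate_pps = rate_pps      # priority rate, packets per second
        self.burst = burst            # packets allowed above the rate
        self.drop_pct = drop_pct      # protocol -> drop probability (percent)
        self.skip = set(skip)         # protocols that skip the priority limiter
        self.tokens = float(burst)
        self.last = 0.0
        self.suspicious = False       # set once the rate plus burst is exceeded
        self.rng = random.Random(seed)

    def offer(self, t, protocol):
        """Decide 'forward' or 'drop' for a control packet arriving at time t (seconds)."""
        if protocol in self.skip:
            return "forward"          # not subject to the priority rate limiter
        elapsed = t - self.last
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate_pps)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return "forward"
        self.suspicious = True        # over the limit: packet is treated as suspicious
        pct = self.drop_pct.get(protocol, 100)  # unmapped default of 100 is an assumption
        return "drop" if self.rng.random() * 100 < pct else "forward"

def simulate(limiter, arrivals):
    """arrivals: iterable of (time_s, protocol). Returns Counter keyed by (protocol, verdict)."""
    return Counter((proto, limiter.offer(t, proto)) for t, proto in arrivals)

def demo():
    # Constructed traffic: simultaneous bursts at t=0, then 5 atmOAM packets one second later.
    lim = PriorityLimiter(rate_pps=100, burst=5,
                          drop_pct={"atmOAM": 100, "atmDynamicIf": 0},
                          skip={"atmControl"})
    arrivals = ([(0.0, "atmOAM")] * 20 + [(0.0, "atmControl")] * 50
                + [(0.0, "atmDynamicIf")] * 10 + [(1.0, "atmOAM")] * 5)
    return lim, simulate(lim, arrivals)

if __name__ == "__main__":
    lim, result = demo()
    for key, n in sorted(result.items()):
        print(key, n)
```

In the constructed run, the skipped protocol is never limited, the protocol mapped to 0 percent is flagged as suspicious but still forwarded, and atmOAM recovers once the bucket refills.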
Attaching Groups
By default, each interface belongs to the default DoS protection group. The name is
the only non-configurable aspect of the default DoS protection group.
The DoS protection group is a configurable parameter for all Layer 2 and IP interfaces.
Similar to other configurable interface parameters, the DoS protection group can be
set using profiles.
Because all newly created interfaces default to using the default DoS protection group,
they do not inherit any DoS protection group association from a higher or lower
interface binding.
The DoS group applies to all types of control flows for the specific interface. For
example, an IP interface supports a variety of control protocols, each of which can
be separately mapped to a priority and drop probability, but to a single DoS protection
group.
Protocol Mapping
Table 49 on page 462 and Table 50 on page 464 list the protocols mapped within DoS
protection groups.
Table 49: Layer 2-Related Protocols

Description of Flow                      CLI Name
ATM ILMI packets                         atmControl
ATM OAM packets                          atmOAM
ATM dynamic interface column creation    atmDynamicIf

462 ■ Denial of Service (DoS) Protection
JUNOSe 11.1.x System Basics Configuration Guide