Configuring Flow Detection for DDoS Protection

Flow detection monitors the flows of control traffic for violation of the bandwidth allowed for each flow and manages traffic identified as a culprit flow. Suppression of the traffic is the default management option. Flow detection is typically implemented as part of an overall DDoS protection strategy, but it is also useful for troubleshooting and understanding traffic flow in new configurations. Flow detection is disabled by default.

Before you begin, ensure you have configured DDoS protection appropriately for your network. See Configuring Protection Against DDoS Attacks for detailed information about DDoS protection.

To configure flow detection:

  1. Enable flow detection globally for all protocol groups and packet types.

    See Enabling Flow Detection for All Protocol Groups and Packet Types.

  2. (Optional) Set the rate at which culprit flow events are reported for all line cards, protocol groups, and packet types.

    See Configuring the Culprit Flow Reporting Rate for All Protocol Groups and Packet Types.

  3. Set the rate at which bandwidth violations are reported for all line cards, protocol groups, and packet types.

    See Configuring the Violation Reporting Rate for All Protocol Groups and Packet Types.

  4. (Optional) Configure how long a suspicious flow must be in violation of flow bandwidth before being declared a culprit flow.

    See Configuring the Detection Period for Suspicious Flows.

  5. (Optional) Configure how long a culprit flow must drop to within its allowed bandwidth before being declared normal.

    See Configuring the Recovery Period for a Culprit Flow.

  6. (Optional) Enable and configure how long a culprit flow is suppressed or monitored.

    See Configuring the Timeout Period for a Culprit Flow.

  7. (Optional) Configure when flow detection monitors flows.

    See Configuring Flow Detection for Individual Protocol Groups or Packets.

  8. (Optional) Configure when flow detection operates at each flow aggregation level (subscriber, logical interface, and physical interface).

    See Configuring How Flow Detection Operates at Each Flow Aggregation Level.

  9. Configure the maximum bandwidth for packet flows at each flow aggregation level (subscriber, logical interface, and physical interface).

    See Configuring the Maximum Flow Bandwidth at Each Flow Aggregation Level.

  10. (Optional) Configure how traffic is controlled at each flow aggregation level (subscriber, logical interface, and physical interface) for flows that violate their bandwidth.

    See Configuring How Traffic in a Culprit Flow Is Controlled at Each Flow Aggregation Level.

  11. (Optional) Disable automatic logging of suspicious flows.

    See Disabling Automatic Logging of Culprit Flow Events for a Packet Type.
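The steps above, collected into one set-style configuration as an added example; it is not taken from the original page. The protocol group and packet type (dhcpv4 discover) and every numeric value are constructed for illustration and are not recommended settings.

```junos
# Added example: constructed values, not tuning guidance.

# Step 1: enable flow detection globally (it is disabled by default).
set system ddos-protection global flow-detection

# Steps 2-3: reporting rates for culprit flow events and bandwidth violations.
set system ddos-protection global flow-report-rate 100
set system ddos-protection global violation-report-rate 100

# Step 4: how long a suspicious flow must violate its bandwidth
# before it is declared a culprit flow (seconds).
set system ddos-protection protocols dhcpv4 discover flow-detect-time 10

# Step 5: how long a culprit flow must stay within its allowed
# bandwidth before it is declared normal again (seconds).
set system ddos-protection protocols dhcpv4 discover flow-recover-time 60

# Step 6: enable the timeout and set how long a culprit flow is
# suppressed or monitored (seconds).
set system ddos-protection protocols dhcpv4 discover timeout-active-flows
set system ddos-protection protocols dhcpv4 discover flow-timeout-time 300

# Step 7: flow detection mode for this packet type (automatic | on | off).
set system ddos-protection protocols dhcpv4 discover flow-detection-mode automatic

# Step 8: detection mode at each flow aggregation level.
set system ddos-protection protocols dhcpv4 discover flow-level-detection subscriber automatic
set system ddos-protection protocols dhcpv4 discover flow-level-detection logical-interface automatic
set system ddos-protection protocols dhcpv4 discover flow-level-detection physical-interface automatic

# Step 9: maximum flow bandwidth at each level, in packets per second.
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth subscriber 10
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth logical-interface 100
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth physical-interface 1000

# Step 10: how culprit traffic is controlled at each level (drop | keep | police).
# "keep" leaves the flow unsuppressed, which suits the troubleshooting use case.
set system ddos-protection protocols dhcpv4 discover flow-level-control subscriber drop
set system ddos-protection protocols dhcpv4 discover flow-level-control logical-interface police
set system ddos-protection protocols dhcpv4 discover flow-level-control physical-interface keep

# Step 11: disable automatic logging of culprit flow events for this packet type.
set system ddos-protection protocols dhcpv4 discover no-flow-logging
```

After committing, `show ddos-protection protocols dhcpv4 discover` displays the resulting settings for the packet type.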

Published: 2012-12-11