Configuring the Timeout Period for a Culprit Flow
When DDoS protection flow detection identifies a suspicious flow as a culprit flow, by default it suppresses traffic for that flow for as long as the traffic flow exceeds the bandwidth limit. Suppression stops and the flow is removed from the flow table when the time since the last violation by the flow is greater than the recovery period.
Alternatively, you can include the timeout-active-flows statement to enable flow detection to suppress a culprit flow for a configurable timeout period. When the timeout period expires, suppression stops and the flow is removed from the flow table. You can either include the flow-timeout-time statement to configure the duration of the timeout period or rely on the default timeout of 300 seconds.
To enable flow detection to suppress a culprit flow for a timeout period:
- Enable the timeout.

  [edit system ddos-protection protocols protocol-group packet-type]
  user@host# set timeout-active-flows

- Specify the timeout period.

  [edit system ddos-protection protocols protocol-group packet-type]
  user@host# set flow-timeout-time seconds
For example, include the following statements to suppress the DHCPv4 discover packet flow for 10 minutes (600 seconds):
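As an added illustration (not configuration text from the original page), here are the two statements the procedure above produces for the dhcpv4 protocol group and the discover packet type, followed by the resulting configuration hierarchy; the global flow-detection line is assumed to be already present, since the timeout only matters once flow detection is active.

```junos
## Assumed prerequisite: flow detection enabled globally (not part of this procedure).
[edit]
user@host# set system ddos-protection global flow-detection

## Step 1: enable timeout-based suppression for the DHCPv4 discover packet type.
[edit]
user@host# set system ddos-protection protocols dhcpv4 discover timeout-active-flows

## Step 2: override the 300-second default with a 10-minute (600-second) timeout.
[edit]
user@host# set system ddos-protection protocols dhcpv4 discover flow-timeout-time 600

## Resulting hierarchy as displayed by "show system ddos-protection" at [edit].
## Omitting flow-timeout-time keeps the 300-second default; omitting
## timeout-active-flows returns to recovery-period-based suppression.
user@host# show system ddos-protection
global {
    flow-detection;
}
protocols {
    dhcpv4 {
        discover {
            timeout-active-flows;
            flow-timeout-time 600;
        }
    }
}
```

Review the committed hierarchy before commit so that a culprit flow is not released earlier than intended: once the 600 seconds elapse, suppression stops regardless of whether the flow is still violating its bandwidth limit.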