Forwarding Packets to the Discard Interface

The discard interface allows you to protect a network from denial-of-service (DoS) attacks by identifying the target IP address that is being attacked and configuring a policy to forward all packets to a discard interface. All packets forwarded to the discard interface are dropped.

To configure the discard interface, include the dsc statement:

    dsc {
        unit 0 {
            family inet {
                filter {
                    input filter-name;
                    output filter-name;
                }
            }
        }
    }

You can include this statement at the following hierarchy levels:

  • [edit interfaces interface-name]
  • [edit logical-systems logical-system-name interfaces interface-name]

The dsc interface name denotes the discard interface. The discard interface supports only unit 0.

The following two configurations are required to configure a policy to forward all packets to the discard interface.

Configure an input policy to associate a community with the discard interface:

    [edit]
    policy-options {
        community community-name members [ community-id ];
        policy-statement statement-name {
            term term-name {
                from community community-name;
                then {
                    next-hop address; # Remote end of the point-to-point interface
                    accept;
                }
            }
        }
    }

Configure an output policy to set up the community on the routes injected into the network:

    [edit]
    policy-options {
        policy-statement statement-name {
            term term-name {
                from prefix-list name;
                then community (set | add | delete) community-name;
            }
        }
    }
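The pieces above filled in together, as an added example that is not part of the original Juniper documentation. All names (count-discarded, dos-targets, discard-me, to-discard, tag-dos-targets), the addresses (documentation ranges), the community value, and the address/destination statement on the dsc unit are assumed sample values.

```junos
# Constructed example: all names, addresses and the community value are assumed sample values.
interfaces {
    dsc {
        unit 0 {
            family inet {
                filter {
                    output count-discarded;   # count traffic sent to the discard interface
                }
                address 192.0.2.102/32 {
                    destination 192.0.2.101;  # remote end of the point-to-point interface
                }
            }
        }
    }
}
firewall {
    family inet {
        filter count-discarded {
            term all {
                then {
                    count discarded-packets;  # no terminating action: implied accept
                }
            }
        }
    }
}
policy-options {
    prefix-list dos-targets {
        203.0.113.10/32;                      # IP address that is being attacked
    }
    community discard-me members [ 65000:666 ];
    # Input policy: routes carrying the community get the dsc remote end as next hop
    policy-statement to-discard {
        term tagged {
            from community discard-me;
            then {
                next-hop 192.0.2.101;
                accept;
            }
        }
    }
    # Output policy: set the community on the attacked prefix when it is injected
    policy-statement tag-dos-targets {
        term targets {
            from prefix-list dos-targets;
            then community set discard-me;
        }
    }
}
```

The two policy statements take effect only once they are applied as import and export policies on the routing protocol that carries these routes, which this fragment does not show.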

Published: 2012-12-04
