Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

physical-interface (DDoS Flow Detection)

Syntax

physical-interface (flow-bandwidth | flow-control-mode | flow-detection-mode)

Hierarchy Level

[edit system ddos-protection protocols protocol-group packet-type flow-level-bandwidth],[edit system ddos-protection protocols protocol-group packet-type flow-level-control],[edit system ddos-protection protocols protocol-group packet-type flow-level-detection]

Release Information

Statement introduced in Junos OS Release 12.3.

Description

(MX Series routers with MPCs only) Configure flow bandwidth, flow control mode, or flow detection mode at the physical interface flow aggregation level for the packet type.

Options

flow-bandwidth—Bandwidth for the flow at the physical interface level. Available only at the [edit system ddos-protection protocols protocol-group packet-type flow-level-bandwidth] hierarchy level.

Default: 20,000 packets per second

Range: 1 through 50,000 packets per second

flow-control-mode—Mode for how traffic in the detected flow is controlled at the physical interface level. Available only at the [edit system ddos-protection protocols protocol-group packet-type flow-level-control] hierarchy level.

  • drop—Drop all traffic in flow.
  • keep—Keep all traffic in flow.
  • police—Police the traffic to within its allowed bandwidth.

flow-detection-mode—Mode for how flow detection operates at the physical interface level when a policer has been violated. Available only at the [edit system ddos-protection protocols protocol-group packet-type flow-level-detection] hierarchy level.

  • automatic—Search flows at the physical interface level only when a DDoS policer is being violated and only when the policer violation is not discovered at the finer aggregation levels, logical interface or subscriber. Flows at the physical interface level are subsequently not searched again until a subsequent violation occurs that cannot be found at the subscriber or logical interface levels.
  • off—Disable flow detection at the physical interface level so that flows are never searched at this level.
  • on—Search flows at the physical interface level, even when no DDoS protection policer is currently being violated. Monitoring continues at this level regardless of whether a suspect flow is identified at this level.

Required Privilege Level

admin—To view this statement in the configuration.

admin-control—To add this statement to the configuration.

 

Related Documentation

 

Published: 2013-07-17

Previous Page Next Page