Configuring Flow Detection for Individual Protocol Groups or Packets

By default, flow detection is disabled for all protocol groups and packet types. After you have turned on flow detection globally, you can include the flow-detection-mode statement to configure flow detection to operate differently for individual packet types. When flow detection is turned on, it operates in automatic mode for all packet types by default, meaning that it monitors control traffic for suspicious flows only after a DDoS policer has been violated. You can also configure flow detection either to never monitor flows or to always monitor flows.

Note: The flow detection mode at the packet level must be either automatic or on for flow detection to operate at individual flow aggregation levels.

To configure how flow detection operates:

  • Disable suspicious flow detection for a packet type.
    [edit system ddos-protection protocols protocol-group packet-type]
    user@host# set flow-detection-mode off
  • Set flow detection to operate automatically when a policer is violated.
    [edit system ddos-protection protocols protocol-group packet-type]
    user@host# set flow-detection-mode automatic
  • Specify that flow detection is always on for a packet type.
    [edit system ddos-protection protocols protocol-group packet-type]
    user@host# set flow-detection-mode on
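The following audit script is an added example, not part of the original documentation. It reads set-format configuration, reports the effective flow-detection-mode for each packet type, and flags packet types where the mode is off but a flow aggregation level is still configured (the case the note above describes). The sample configuration is constructed; the `global flow-detection` and `flow-level-detection` statements are Junos statements not shown on this page, and the protocol groups and packet types used are illustrative.

```python
# Constructed sample of "display set" output; not taken from a real device.
SAMPLE_CONFIG = """\
set system ddos-protection global flow-detection
set system ddos-protection protocols dhcpv4 discover flow-detection-mode on
set system ddos-protection protocols pppoe padi flow-detection-mode off
set system ddos-protection protocols pppoe padi flow-level-detection subscriber on
set system ddos-protection protocols arp aggregate flow-level-detection logical-interface automatic
"""

PREFIX = "set system ddos-protection "
MODES = {"off", "automatic", "on"}


def audit(config_text):
    """Return (globally_enabled, effective_modes, findings) for a set-format config."""
    globally_enabled = False
    explicit = {}   # (group, packet_type) -> configured flow-detection-mode
    levels = {}     # (group, packet_type) -> flow aggregation levels configured
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        words = line[len(PREFIX):].split()
        if words == ["global", "flow-detection"]:
            globally_enabled = True
        elif len(words) >= 5 and words[0] == "protocols":
            key = (words[1], words[2])
            if words[3] == "flow-detection-mode" and words[4] in MODES:
                explicit[key] = words[4]
            elif words[3] == "flow-level-detection":
                levels.setdefault(key, []).append(words[4])
    effective, findings = {}, []
    for key in sorted(set(explicit) | set(levels)):
        # With no explicit statement the packet type runs in automatic mode.
        effective[key] = explicit.get(key, "automatic")
        if effective[key] == "off" and key in levels:
            findings.append("%s %s: mode is off, so flow-level-detection for %s cannot operate"
                            % (key[0], key[1], ", ".join(levels[key])))
    if not globally_enabled and effective:
        findings.insert(0, "flow detection is not enabled globally")
    return globally_enabled, effective, findings


if __name__ == "__main__":
    enabled, modes, problems = audit(SAMPLE_CONFIG)
    print("global flow detection:", enabled)
    for (group, ptype), mode in modes.items():
        print("  %s %s -> %s" % (group, ptype, mode))
    for p in problems:
        print("FINDING:", p)
```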

Published: 2013-07-17