Supported Platforms
Configuring the Recovery Period for a Culprit Flow
After DDoS protection flow detection has identified a suspicious flow as a culprit flow, it has to determine when that flow no longer represents a threat to the router. When the traffic flow rate drops back to within the allowed bandwidth, the rate must remain within the bandwidth for a recovery period. Only then does flow detection consider the flow to be normal and stop the traffic handling action enacted against the culprit flow. You can include the flow-recover-time statement to configure the duration of this recovery period or you can rely on the default period of 60 seconds.
To specify how long a flow must be within its allowed bandwidth after a violation before flow detection declares it to be a normal flow:
- Set the recovery period.[edit system ddos-protection protocols protocol-group packet-type]user@host# set flow-recover-time seconds
For example, include the following statement to require the DHCPv4 discover packet flow to be in recovery for five minutes (300 seconds):
[edit system ddos-protection protocols dhcpv4 discover]user@host# set flow-recover-time 300
