Saturday, 3 September 2016

Configuring Protection Against DDoS Attacks

DDoS protection is enabled by default for all supported protocol groups and packet types. Default values are present for bandwidth, bandwidth scale, burst, burst scale, priority, and recover time. You can change the DDoS configuration for individual packet types within a protocol group or for the aggregate policer for the protocol group. DDoS logging is enabled by default, but you can disable it globally for all DDoS events or for individual packet types within a protocol group. You can also fine-tune monitoring of DDoS events by configuring tracing operations.
You can disable DDoS protection at the Routing Engine and for all line cards either globally or for individual packet types within a protocol group.

DDoS protection is supported only on MX Series routers that have only MPCs installed and T4000 routers that have only FPC5s installed. If the router has other line cards in addition to MPCs or FPC5s, respectively, the CLI accepts the configuration but the other line cards are not protected and so the router is not protected.

No comments:

Post a Comment

loading...