Hi Arix,
Yes, you should configure this to see the flow which is causing this. I thought you already have this configured but there is no current violation. But we do see that there are current violations.
So configuring this command will help you narrow down the flow.
"set system ddos-protection global flow-detection"
Once you configure it, please collect the following:
show ddos-protection protocols exceptions mtu-exceeded culprit-flows detail fpc-slot 0
show ddos-protection protocols culprit-flows detail fpc-slot 0
show log messages
As we see in the outputs below, it's violated. You should be able to find the culprit soon.
9200EX> show ddos-protection protocols statistics terse
Packet types: 216, Received traffic: 45, Currently violated: 1
Protocol    Packet      Received        Dropped        Rate     Violation State
group       type        (packets)       (packets)      (pps)    counts
resolve     aggregate   278951888       40812          6        0         ok
resolve     ucast-v4    278951888       40812          6        3         ok
dhcpv4      aggregate   70938878        268            4        0         ok
dhcpv4      discover    1986321         0              0        0         ok
dhcpv4      offer       37323           0              0        0         ok
dhcpv4      request     4245428         0              1        0         ok
dhcpv4      decline     38              0              0        0         ok
dhcpv4      ack         26861799        160            1        2         ok
dhcpv4      nak         26391           0              0        0         ok
dhcpv4      release     1099            0              0        0         ok
dhcpv4      inform      33886007        0              2        0         ok
dhcpv4      renew       3882593         0              0        0         ok
dhcpv4      bad-pack..  108             108            0        17        ok
dhcpv4      rebind      11771           0              0        0         ok
icmp        aggregate   26311463        0              1        0         ok
igmp        aggregate   419430          0              0        0         ok
ospf        aggregate   6260159         0              0        0         ok
bfd         aggregate   97833793        0              3        0         ok
ldp         aggregate   21633697        0              1        0         ok
bgp         aggregate   8094413         0              0        0         ok
vrrp        aggregate   359682365       0              14       0         ok
telnet      aggregate   40              0              0        0         ok
ftp         aggregate   941             0              0        0         ok
ssh         aggregate   9458765         0              0        0         ok
snmp        aggregate   165987353       0              0        0         ok
lacp        aggregate   744524855       0              26       0         ok
arp         aggregate   537301390       0              23       0         ok
mlp         aggregate   601759312       0              20       0         ok
mlp         lookup      82819413        0              2        0         ok
mlp         add         18911095        0              0        0         ok
mlp         delete      500028804       0              17       0         ok
ttl         aggregate   111902738       0              2        0         ok
exception   aggregate   80385260        23033587       0        1364      ok
exception   mtu-exceed  80385260        23033553       0        23756     viol
9200EX> ...show ddos policer exceptions violations-history" target fpc0 | no-more
SENT: Ukern command: show ddos policer exceptions violations-history
DDOS Policer Violations:
seen is viol
idx prot group proto viol viol count start-t(ms) last-t(ms)
--- --- ----------- ----------- ---- ---- ------ ----------- -----------
140 4000 exception aggregate yes no 1299 27042019255 27042019255
142 4002 exception mtu-exceed yes yes 23511 27109749565 27109749565
Hope this helps!
Thanks
Arpit
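A small triage helper for the statistics output in the reply above, as an added example that is not part of the original post or any Juniper tooling: it parses `show ddos-protection protocols statistics terse` text and separates packet types currently in `viol` state from those that only show past drops or violation counts. The sample rows are constructed from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample: a few rows in the shape of the terse output above.
SAMPLE = """\
Packet types: 216, Received traffic: 45, Currently violated: 1
Protocol    Packet      Received        Dropped        Rate     Violation State
group       type        (packets)       (packets)      (pps)    counts
resolve     ucast-v4    278951888       40812          6        3         ok
dhcpv4      bad-pack..  108             108            0        17        ok
arp         aggregate   537301390       0              23       0         ok
exception   aggregate   80385260        23033587       0        1364      ok
exception   mtu-exceed  80385260        23033553       0        23756     viol
"""

# Columns: group, type, received, dropped, pps, violation count, state
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)$")

def parse_terse(text):
    """Return one dict per data row; header and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        group, ptype, rx, dropped, pps, viols, state = m.groups()
        rx, dropped = int(rx), int(dropped)
        rows.append({
            "group": group, "type": ptype, "received": rx, "dropped": dropped,
            "pps": int(pps), "violations": int(viols), "state": state,
            "drop_pct": round(100.0 * dropped / rx, 2) if rx else 0.0,
        })
    return rows

def triage(rows):
    """Split rows into (currently violated, past violations or drops)."""
    current = [r for r in rows if r["state"] == "viol"]
    past = [r for r in rows
            if r["state"] != "viol" and (r["violations"] or r["dropped"])]
    past.sort(key=lambda r: r["dropped"], reverse=True)
    return current, past

if __name__ == "__main__":
    current, past = triage(parse_terse(SAMPLE))
    for label, rows in (("VIOLATED NOW", current), ("earlier drops", past)):
        for r in rows:
            print(f"{label:13} {r['group']}/{r['type']:<11} "
                  f"dropped={r['dropped']} ({r['drop_pct']}%) "
                  f"violations={r['violations']}")
```

Rows in the first list are the ones worth checking with the culprit-flows commands once flow detection is enabled; the second list shows policers that have dropped traffic before but are not violated now.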