Ethernet Switching
Ethernet Switching

EX DDOS explanation

‎03-21-2019 05:40 AM

Would anyone be able to direct me to any detailed  docs to read up on the  system ddos-protection  stuff ?

Right now im looking for EX platform stuff but will soon be needing this for QFX (and MX if i get my buget funded).

I undertand this idea. Cisco calls it Control Plane Policing  ( CPP) .   Since we do the default action of protect-re filters

im just want to see what this ddos-protection can do in line with that and how to bettter tshoot it if we need to..

We run Nexus (will be replacing with qfx) and have had to deal with the Fcards sending traffic to its Mcards and havign issues with the with CPP.   So just wanting to jump ahead with issues ive dealt with in the past..



Maybe an Ambassador Day One recipe idea ??!?!? Hint Hint. Smiley Happy





Ethernet Switching
Accepted by topic author tgreaser
‎03-23-2019 05:29 AM

Re: EX DDOS explanation

‎03-21-2019 06:23 AM

Hi tgreaser,


These should help get you started with DDOS protection on Junos:


Hope this helps.



If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated Smiley Happy.

Ethernet Switching

Re: EX DDOS explanation

‎03-21-2019 06:34 AM

I'm not sure whether there's a day one book describing that (hopefully someone could point to it if there is one).

Check this link for more info on QFX ddos policers (general overview):


KB entry displaying some of HW specifics:



Ethernet Switching

Re: EX DDOS explanation

‎03-23-2019 05:30 AM
You nailed it. Both replies were informative and helpful