I recently started playing with the ddos-protection on a QFX device. I noticed when I asked to show the violations it just says the protocol being violated and what the rate of the violation is, which is great. However, I can't seem to find anything that says "X IRB" or "xe-0/0/1" is violating X policer.
Is there any way to find this information? I enabled all on a ddos-trace log but still nothing that tells me who is abusing. It's great it's dropping the packets, but I'd love to find where the abuse is coming from on the switch.
Hi, thanks! I have seen more info when we use flow-detection, but it seems this is not supported for QFX, and what we have is the traceoptions for this one. Is level all enabled on the trace as well? From the output we have the violations, but there are no more details.
Yes it is, but it's not telling me what ip/port/irb is offending. We have flows set up on our edge router (mx480) but not on the QFXs. I think I'm going to set up some type of ntop and pump the flows into it and try to find it that way.
DDOS Commands: [My favorite List]

show ddos-protection protocols statistics terse <<< who is violating at this point; check the state
show ddos-protection protocols statistics brief <<< Show brief output for all Protocol
show ddos-protection protocols statistics detail <<< Show detail output for all Protocol
show ddos-protection statistics <<< Show overall statistics
show ddos-protection protocols parameters detail <<< show detailed configured/default ddos-protection protocols parameters
show ddos-protection protocols parameters brief
show ddos-protection protocols parameters | no-more <<< to see the default values
show ddos-protection protocols violations <<< Show summary of all protocol violations
show ddos-protection protocols ip-options flow-detection
show ddos-protection protocols flow-detection | no-more
show ddos-protection protocols flow-detection detail | no-more
clear ddos-protection protocols arp states
clear ddos-protection protocols statistics
show ddos-protection protocols arp violations
show ddos-protection protocols arp culprit-flows <<<
-Python JNCIE 3X [SP|DC|ENT] JNCIP-SEC JNCDS 3X [ WAN | DC|SEC] JNCIS-Cloud JNCIS-DevOps CCIP ITIL #Please mark my solution as accepted if it helped, Kudos are appreciated as well.