Hello,
The RE filter is executed before Trio DDoS protection and cannot affect resolve requests, which are internal to the router.
You need to tighten the resolve policer to a much lower value (default 3Kpps with 5Kpackets burst).
show ddos-protection protocols parameters brief | grep resolv
resolve aggregate 5000 10000 -- 300 yes -- no
resolve other 2000 2000 Low 300 yes no no
resolve ucast-v4 3000 5000 Low 300 yes no no
resolve mcast-v4 3000 5000 Low 300 yes no no
resolve ucast-v6 3000 5000 Low 300 yes no no
resolve mcast-v6 3000 5000 Low 300 yes no no
I suggest You reconfigure the resolve-ucast-v4 policer to 100 pps as a 1st step towards resolution:
set system ddos-protection protocols resolve ucast-v4 bandwidth 100
set system ddos-protection protocols resolve ucast-v4 burst 100
@xinhui jiang wrote:
When I see these logs, is there any other effect?
Well, You just experienced the effect - "unable to log in via SSH" because Your RE was too busy.
And likely Your routing protocols went down as well.
HTH
Thx
Alex
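An added example, not part of the post above: a small Python check that parses the `show ddos-protection protocols parameters brief` rows quoted in the post and emits the `set` commands for any resolve policer looser than a chosen target. The function names and the column order noted in the comments are assumptions of this example; the sample rows are copied from the post.

```python
# Constructed sample: the output rows quoted in the post.
SAMPLE = """\
resolve aggregate 5000 10000 -- 300 yes -- no
resolve other 2000 2000 Low 300 yes no no
resolve ucast-v4 3000 5000 Low 300 yes no no
resolve mcast-v4 3000 5000 Low 300 yes no no
resolve ucast-v6 3000 5000 Low 300 yes no no
resolve mcast-v6 3000 5000 Low 300 yes no no
"""

# Assumed column order (the post does not show the header):
# group, packet type, bandwidth (pps), burst (pkts), priority,
# recover time (s), policer enabled, bypass aggregate, FPC modified.

def parse_policers(output):
    """Return {(group, packet_type): settings} for each well-formed row."""
    policers = {}
    for line in output.splitlines():
        f = line.split()
        if len(f) != 9 or not (f[2].isdigit() and f[3].isdigit()):
            continue  # header, blank or truncated row
        policers[(f[0], f[1])] = {
            "bandwidth": int(f[2]), "burst": int(f[3]), "enabled": f[6] == "yes",
        }
    return policers

def tighten_commands(output, pps, burst, packet_types=("ucast-v4",), group="resolve"):
    """Build set commands only for values currently above the targets."""
    table = parse_policers(output)
    cmds = []
    for ptype in packet_types:
        row = table.get((group, ptype))
        if row is None:
            raise KeyError(f"{group} {ptype} not found in output")
        base = f"set system ddos-protection protocols {group} {ptype}"
        if row["bandwidth"] > pps:
            cmds.append(f"{base} bandwidth {pps}")
        if row["burst"] > burst:
            cmds.append(f"{base} burst {burst}")
    return cmds

if __name__ == "__main__":
    print("\n".join(tighten_commands(SAMPLE, 100, 100)))
```

Run against output saved from the router after the commit to confirm nothing is emitted, meaning the policer is already at or below the target.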