  • 1.  Juniper MX CPCD rate-limit

    Posted 11-16-2017 06:18

    Good day.

    We are using CPCD with subscriber management.

    CPCD is set up like this:

    rule R1 {
        match-direction input;
        term 1 {
            then {
                redirect http://redirect.page;
            }
        }
    }
    profile P1 {
        cpcd-rules R1;
    }
    
    

    show chassis fpc 0

    pic 0 {
        inline-services {
            bandwidth 1g;
        }
    }
    

    show interfaces si-0/0/0

    unit 0 {
        family inet;
    }
    
    

    The problem is that sometimes we are getting high load on the cpcdd system process, caused by blocked subscribers' traffic on port 80.

    So the question is - can we do something like rate-limit by pps for CPCD?

     

     



  • 2.  RE: Juniper MX CPCD rate-limit
    Best Answer

     
    Posted 11-16-2017 07:59

    Hi,

    You can control it by tuning the DDoS protection.

     

    BRAS# set system ddos-protection protocols re-services captive-portal

    BRAS> show ddos-protection protocols re-services captive-portal
    Currently tracked flows: 0, Total detected flows: 0
    * = User configured value
     
    Protocol Group: RE-services
     
      Packet type: captive-portal (Captive portal IPv4 RE services traffic)
        Individual policer configuration:
          Bandwidth:        20000 pps
          Burst:            20000 packets
          Priority:         Medium
          Recover time:     300 seconds
          Enabled:          Yes
          Bypass aggregate: No
        Flow detection configuration:
          Detection mode: Automatic  Detect time:  3 seconds
          Log flows:      Yes        Recover time: 60 seconds
          Timeout flows:  No         Timeout time: 300 seconds
          Flow aggregation level configuration:
            Aggregation level   Detection mode  Control mode  Flow rate
            Subscriber          Automatic       Drop          10 pps
            Logical interface   Automatic       Drop          10 pps
            Physical interface  Automatic       Drop          20000 pps
        System-wide information:
          Bandwidth is never violated
          Received:  560278539           Arrival rate:     0 pps
          Dropped:   0                   Max arrival rate: 2629 pps
        Routing Engine information:
          Bandwidth: 20000 pps, Burst: 20000 packets, enabled
          Policer is never violated
          Received:  560278539           Arrival rate:     0 pps
          Dropped:   0                   Max arrival rate: 2629 pps
            Dropped by aggregate policer: 0
        FPC slot 2 information:
          Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
          Policer is never violated
          Received:  560278539           Arrival rate:     0 pps
          Dropped:   0                   Max arrival rate: 2629 pps
            Dropped by aggregate policer: 0
            Dropped by flow suppression:  0
     
    Regards,

    Rahul N
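
One way to monitor the policer counters shown in the answer above, as an added example that is not part of the original thread: the Python below parses a trimmed excerpt of that `show ddos-protection` output and flags any section that dropped packets or peaked near the configured limit. The function names and the 0.8 headroom threshold are assumptions chosen for illustration.

```python
import re

# Trimmed excerpt of the output posted above (values as in the post).
SAMPLE = """\
Packet type: captive-portal (Captive portal IPv4 RE services traffic)
  Individual policer configuration:
    Bandwidth:        20000 pps
  System-wide information:
    Received:  560278539           Arrival rate:     0 pps
    Dropped:   0                   Max arrival rate: 2629 pps
  Routing Engine information:
    Bandwidth: 20000 pps, Burst: 20000 packets, enabled
    Received:  560278539           Arrival rate:     0 pps
    Dropped:   0                   Max arrival rate: 2629 pps
  FPC slot 2 information:
    Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
    Received:  560278539           Arrival rate:     0 pps
    Dropped:   0                   Max arrival rate: 2629 pps
"""

SECTION = re.compile(r"^\s*(System-wide|Routing Engine|FPC slot \d+) information:")
FIELD = re.compile(r"(Received|Dropped|Arrival rate|Max arrival rate):\s+(\d+)")

def parse_policer(text):
    """Return (configured pps limit, {section: {counter: int}})."""
    limit, stats, current = None, {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            current = stats.setdefault(m.group(1), {})
        elif current is None:
            # Before the first section: the individual policer bandwidth.
            b = re.match(r"\s*Bandwidth:\s+(\d+) pps", line)
            limit = int(b.group(1)) if b else limit
        else:
            for name, value in FIELD.findall(line):
                current[name] = int(value)
    return limit, stats

def findings(text, headroom=0.8):
    """Sections that dropped packets or peaked at >= headroom * limit."""
    limit, stats = parse_policer(text)
    out = []
    for section, s in stats.items():
        if s.get("Dropped", 0) > 0:
            out.append((section, "dropping"))
        elif limit and s.get("Max arrival rate", 0) >= headroom * limit:
            out.append((section, "near-limit"))
    return out
```

For the output in the post, `findings(SAMPLE)` returns an empty list: the peak of 2629 pps is well under the 20000 pps policer and nothing was dropped.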



  • 3.  RE: Juniper MX CPCD rate-limit

    Posted 11-16-2017 08:13

    Great!

    Thank you very much!