
Juniper MX CPCD rate-limit

‎11-16-2017 06:18 AM

Good day.

We are using CPCD with subscriber management.

CPCD is set up like this:

rule R1 {
    match-direction input;
    term 1 {
        then {
            redirect http://redirect.page;
        }
    }
}
profile P1 {
    cpcd-rules R1;
}

show chassis fpc 0

pic 0 {
    inline-services {
        bandwidth 1g;
    }
}

show interfaces si-0/0/0

unit 0 {
    family inet;
}

The problem is that sometimes we get a high load on the cpcdd system process, caused by blocked subscribers' traffic on port 80.

So the question is - can we do something like rate-limit by pps for CPCD?

 

 

Solution
Accepted by topic author smelnik
‎11-16-2017 08:13 AM

Re: Juniper MX CPCD rate-limit

‎11-16-2017 07:59 AM

Hi,

You can control this by tuning the DDoS protection.

 

BRAS# set system ddos-protection protocols re-services captive-portal

BRAS> show ddos-protection protocols re-services captive-portal
Currently tracked flows: 0, Total detected flows: 0
* = User configured value
 
Protocol Group: RE-services
 
  Packet type: captive-portal (Captive portal IPv4 RE services traffic)
    Individual policer configuration:
      Bandwidth:        20000 pps
      Burst:            20000 packets
      Priority:         Medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    Flow detection configuration:
      Detection mode: Automatic  Detect time:  3 seconds
      Log flows:      Yes        Recover time: 60 seconds
      Timeout flows:  No         Timeout time: 300 seconds
      Flow aggregation level configuration:
        Aggregation level   Detection mode  Control mode  Flow rate
        Subscriber          Automatic       Drop          10 pps
        Logical interface   Automatic       Drop          10 pps
        Physical interface  Automatic       Drop          20000 pps
    System-wide information:
      Bandwidth is never violated
      Received:  560278539           Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 2629 pps
    Routing Engine information:
      Bandwidth: 20000 pps, Burst: 20000 packets, enabled
      Policer is never violated
      Received:  560278539           Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 2629 pps
        Dropped by aggregate policer: 0
    FPC slot 2 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
      Policer is never violated
      Received:  560278539           Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 2629 pps
        Dropped by aggregate policer: 0
        Dropped by flow suppression:  0
 
Regards,

Rahul N
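
For monitoring the policer the reply above points to, here is an added example (not part of the thread and not Juniper code): a parser for the `show ddos-protection protocols` output that reports, per location, whether packets were dropped or the peak arrival rate came close to the policer bandwidth. The function names and the `headroom` threshold of 0.8 are assumptions of this example.

```python
import re

# Abridged from the output in the reply above; values unchanged.
SAMPLE = """\
    Individual policer configuration:
      Bandwidth:        20000 pps
    System-wide information:
      Bandwidth is never violated
      Dropped:   0                   Max arrival rate: 2629 pps
    Routing Engine information:
      Bandwidth: 20000 pps, Burst: 20000 packets, enabled
      Dropped:   0                   Max arrival rate: 2629 pps
    FPC slot 2 information:
      Bandwidth: 100% (20000 pps), Burst: 100% (20000 packets), enabled
      Dropped:   0                   Max arrival rate: 2629 pps
        Dropped by aggregate policer: 0
"""

SECTION = re.compile(r"^\s*(.+?) information:\s*$")
BANDWIDTH = re.compile(r"Bandwidth:\s+(?:\d+% \()?(\d+) pps")
DROPPED = re.compile(r"Dropped:\s+(\d+)\s+Max arrival rate:\s+(\d+) pps")

def parse_policer(text):
    """Map each 'information:' section to bandwidth, drops and peak rate.
    System-wide prints no bandwidth of its own, so the configured value is used."""
    configured = int(BANDWIDTH.search(text).group(1))  # individual policer value
    stats, current = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current = stats.setdefault(m.group(1), {"bandwidth": configured})
        elif current is not None and (m := BANDWIDTH.search(line)):
            current["bandwidth"] = int(m.group(1))
        elif current is not None and (m := DROPPED.search(line)):
            current["dropped"], current["max_rate"] = int(m.group(1)), int(m.group(2))
    return stats

def review(stats, headroom=0.8):
    """Flag locations that dropped packets or peaked at >= headroom * bandwidth."""
    findings = []
    for loc, s in stats.items():
        peak = round(s["max_rate"] / s["bandwidth"], 2)
        if s["dropped"] > 0:
            findings.append((loc, "dropping", peak))
        elif peak >= headroom:
            findings.append((loc, "near-limit", peak))
    return findings

if __name__ == "__main__":
    stats = parse_policer(SAMPLE)
    print(stats, review(stats), sep="\n")
```

On the output posted above, the peak is about 13% of the 20000 pps policer and nothing is flagged.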


Re: Juniper MX CPCD rate-limit

‎11-16-2017 08:12 AM

Great!

Thank you very much!