DSC Interface Monitoring

This chapter summarizes the command-line interface (CLI) commmands you can use to monitor the DSC interface. DSC is not a physical interface, but a virtual interface that discards packets.

On the router, you can configure one discard interface, dsc. The discard interface allows you to identify the ingress point of a denial-of-service (DoS) attack. When your network is under attack, the target host IP address is identified, and the local policy forwards attacking packets to the discard interface. When traffic is routed out of the discard interface, the traffic is silently discarded.

If an output filter is attached to the interface, the action specified by the filter will cause the packets to be logged or counted before the traffic is discarded. For a complete discussion about using the discard interface to protect your network against DoS attacks, see the JUNOS Internet Software Configuration Guide: Policy Framework.

Statistics and media displayed by the show interface command are not relevant for the discard interface and always show values of 0.