
Configuring Flow Detection for DDoS Protection

 

Flow detection monitors the flows of control traffic for violation of the bandwidth allowed for each flow and manages traffic identified as a culprit flow. Suppression of the traffic is the default management option. Flow detection is typically implemented as part of an overall DDoS protection strategy, but it is also useful for troubleshooting and understanding traffic flow in new configurations. Flow detection is disabled by default.

Enhanced Subscriber Management supports flow detection for DDoS protection as of Junos OS Release 17.3R1.

Before you begin, ensure you have configured DDoS protection appropriately for your network. See Configuring Protection Against DDoS Attacks for detailed information about DDoS protection.

To configure flow detection:

  1. Enable flow detection globally for all protocol groups and packet types.

    See Enabling Flow Detection for All Protocol Groups and Packet Types.

  2. (Optional) Set the rate at which culprit flow events are reported for all line cards, protocol groups, and packet types.

    See Configuring the Culprit Flow Reporting Rate for All Protocol Groups and Packet Types.

  3. Set the rate at which bandwidth violations are reported for all line cards, protocol groups, and packet types.

    See Configuring the Violation Reporting Rate for All Protocol Groups and Packet Types.

  4. (Optional) Configure how long a suspicious flow must be in violation of flow bandwidth before being declared a culprit flow.

    See Configuring the Detection Period for Suspicious Flows.

  5. (Optional) Configure how long a culprit flow must drop to within its allowed bandwidth before being declared normal.

    See Configuring the Recovery Period for a Culprit Flow.

  6. (Optional) Enable and configure how long a culprit flow is suppressed or monitored.

    See Configuring the Timeout Period for a Culprit Flow.

  7. (Optional) Configure the global flow detection operation mode for all protocol groups and packet types.

    See Configuring How Flow Detection Operates Globally.

  8. (Optional) Override the global flow detection operation mode for protocol groups or packet types.

    See Configuring How Flow Detection Operates for Individual Protocol Groups or Packets.

  9. (Optional) Override the global, protocol group, or packet type flow detection operation mode for one or more flow aggregation levels (subscriber, logical interface, and physical interface).

    See Configuring How Flow Detection Operates at Each Flow Aggregation Level.

  10. Configure the maximum bandwidth for packet flows at each flow aggregation level (subscriber, logical interface, and physical interface).

    See Configuring the Maximum Flow Bandwidth at Each Flow Aggregation Level.

  11. (Optional) Configure how traffic for flows that violate their bandwidth is controlled at all flow aggregation levels (subscriber, logical interface, and physical interface) for all protocol groups and packet types.

    See Configuring How Traffic in a Culprit Flow Is Controlled Globally.

  12. (Optional) Configure how traffic for flows that violate their bandwidth is controlled at each flow aggregation level (subscriber, logical interface, and physical interface) for specific protocol groups and packet types.

    See Configuring How Traffic in a Culprit Flow Is Controlled at Each Flow Aggregation Level.

  13. (Optional) Disable automatic logging of suspicious flows.

    See Disabling Automatic Logging of Culprit Flow Events for a Packet Type.
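The thirteen steps above, consolidated into one set of Junos `set` commands. This is an added example and not part of the original page. The `dhcpv4 discover` packet type and every numeric value are constructed for illustration; confirm the statement names and value ranges against the Junos release you run.

```junos
# Added example: lines starting with "#" are annotations, and all values
# below are assumptions chosen for illustration, not recommendations.

# Step 1: enable flow detection globally (it is disabled by default).
set system ddos-protection global flow-detection

# Steps 2-3: culprit flow and bandwidth violation reporting rates.
set system ddos-protection global flow-report-rate 200
set system ddos-protection global violation-report-rate 200

# Steps 4-6: detection, recovery, and timeout periods, in seconds,
# for one packet type.
set system ddos-protection protocols dhcpv4 discover flow-detect-time 5
set system ddos-protection protocols dhcpv4 discover flow-recover-time 120
set system ddos-protection protocols dhcpv4 discover timeout-active-flows
set system ddos-protection protocols dhcpv4 discover flow-timeout-time 600

# Step 7: global operation mode; "automatic" starts tracking flows only
# after a policer violation is seen.
set system ddos-protection global flow-detection-mode automatic

# Step 8: override the global mode for one packet type.
set system ddos-protection protocols dhcpv4 discover flow-detection-mode on

# Step 9: override the mode per flow aggregation level.
set system ddos-protection protocols dhcpv4 discover flow-level-detection subscriber on
set system ddos-protection protocols dhcpv4 discover flow-level-detection logical-interface automatic
set system ddos-protection protocols dhcpv4 discover flow-level-detection physical-interface off

# Step 10: maximum flow bandwidth (packets per second) per aggregation level.
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth subscriber 50
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth logical-interface 500
set system ddos-protection protocols dhcpv4 discover flow-level-bandwidth physical-interface 5000

# Step 11: global control action for culprit flows (drop | keep | police).
set system ddos-protection global flow-level-control police

# Step 12: per-level control action for this packet type.
set system ddos-protection protocols dhcpv4 discover flow-level-control subscriber drop
set system ddos-protection protocols dhcpv4 discover flow-level-control logical-interface police
set system ddos-protection protocols dhcpv4 discover flow-level-control physical-interface keep

# Step 13: stop automatic logging of flow events for this packet type.
set system ddos-protection protocols dhcpv4 discover no-flow-logging
```

After committing, `show ddos-protection protocols flow-detection` displays the resulting flow detection settings, and `show ddos-protection protocols culprit-flows` lists the flows currently identified as culprits.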

Release History Table
Release
Description
Enhanced Subscriber Management supports flow detection for DDoS protection as of Junos OS Release 17.3R1.