Configurable Options
You can configure the following options for suspicious
flow detection:
- Global on or off. When the option is set to off, flows
or packets are not marked as suspicious. The default is on.
- Actions a line module takes when the suspicious flow table
on the line module overflows:
  - Overflow—Stop recognizing new suspicious flows
  - Group—Group flows into logical groupings where some
  individual flows are monitored as a group
- Suspicious threshold for each protocol. The threshold
is the rate in packets per second at which a flow becomes suspicious.
A zero setting disables suspicious flow detection for the protocol.
With a zero setting, flows of that protocol remain subject to protocol
and priority rate limits, but not to suspicious flow detection.
- Low threshold for each protocol. The threshold rate determines
whether an interface transitions from suspicious back to nonsuspicious.
A zero setting means that the flow does not transition back to nonsuspicious
based on packet rate.
- Backoff time in seconds for each protocol. After this
period expires, the flow transitions to nonsuspicious regardless of
the current rate. When set to zero, an interface does not return to
the nonsuspicious state using a time mechanism.
You can also clear the following:
- All suspicious flows from the suspicious flow table for
a specific slot.
- Suspicious flows from the suspicious flow table for the
entire system.
- A single suspicious flow, which returns that flow to the
nonsuspicious state.
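
The suspicious threshold, low threshold, and backoff time described above interact as a small state machine with hysteresis. The following model is an added illustration, not vendor code or device configuration; the class and function names are hypothetical. It assumes a flow is marked when its rate is at or above the suspicious threshold, is cleared when its rate falls below the low threshold, and that the backoff timer starts when the flow is marked.

```python
from dataclasses import dataclass

@dataclass
class ProtocolOptions:           # hypothetical names for the per-protocol options
    suspicious_pps: int          # 0 disables suspicious flow detection
    low_pps: int                 # 0: never clear based on packet rate
    backoff_s: int               # 0: never clear based on elapsed time

class FlowState:
    def __init__(self, opts, detection_on=True):
        self.opts = opts
        self.detection_on = detection_on   # the global on/off option
        self.suspicious = False
        self.marked_at = None

    def observe(self, now_s, rate_pps):
        """Apply one rate sample; return True if the flow is suspicious afterwards."""
        o = self.opts
        if not self.detection_on or o.suspicious_pps == 0:
            self.suspicious, self.marked_at = False, None
            return False
        if not self.suspicious:
            # Assumption: reaching the threshold is enough to mark the flow.
            if rate_pps >= o.suspicious_pps:
                self.suspicious, self.marked_at = True, now_s
            return self.suspicious
        # Already suspicious: only the low threshold or the backoff timer clears it.
        timed_out = o.backoff_s > 0 and now_s - self.marked_at >= o.backoff_s
        calmed = o.low_pps > 0 and rate_pps < o.low_pps
        if timed_out or calmed:
            self.suspicious, self.marked_at = False, None
        return self.suspicious

def trace(opts, samples, detection_on=True):
    """Return the suspicious/nonsuspicious state after each (time, rate) sample."""
    flow = FlowState(opts, detection_on)
    return [flow.observe(t, r) for t, r in samples]

# Constructed samples: (time in seconds, measured rate in packets per second)
SAMPLES = [(0, 50), (1, 300), (2, 150), (3, 80),
           (4, 400), (5, 400), (6, 400), (7, 400)]

if __name__ == "__main__":
    print(trace(ProtocolOptions(200, 100, 3), SAMPLES))
    print(trace(ProtocolOptions(200, 0, 0), SAMPLES))
```

With both the low threshold and the backoff time set to zero, the second trace never leaves the suspicious state, so such a flow stays marked until it is cleared manually.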