[an error occurred while processing this directive][an error occurred while processing this directive]

Discard Interface Operational Mode Commands

Table 1 summarizes the command-line interface (CLI) command that you can use to monitor and troubleshoot the discard (dsc) interface.

Table 1: Discard Interface Operational Mode Commands

Task

Command

Monitor the discard interface.

show interfaces (Discard)

The discard interface is not a physical interface, but a virtual interface that discards packets. You can configure one discard interface. The discard interface allows you to identify the ingress point of a denial-of-service (DoS) attack. When your network is under attack, the target host IP address is identified, and the local policy forwards attacking packets to the discard interface. Traffic routed out of the discard interface is silently discarded.

If an output filter is attached to the interface, the action specified by the filter causes the packets to be logged or counted before the traffic is discarded. For a complete discussion about using the discard interface to protect your network against DoS attacks, see the JUNOS Policy Framework Configuration Guide.

Statistics and media displayed by the show interfaces command are not relevant for the discard interface and always show values of 0.


Published: 2010-04-28

[an error occurred while processing this directive]