Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Discard Interfaces

The discard interface dsc is not a physical interface but a virtual interface that discards packets.

Discard Interface Overview

The discard interface is a virtual interface that silently discards packets as they arrive. The discard interface is especially useful when the network is under a denial-of-service (DoS) attack. You (the network administrator) can configure a policy to drop millions of requests from being sent to a given target address or set of addresses.

You can configure which traffic Junos OS forwards to the discard interface and what it does with that traffic. A local policy determines which traffic Junos OS forwards to the discard interface. Junos OS performs the action specified by an output filter before it discards the traffic.

Benefits

  • With a discard interface, you can configure filters for counting, logging, and sampling the traffic before any type of attack occurs. Discard static routes don't give you the same flexibility.

  • The discard interface allows you to identify the ingress point of a DoS attack. When your network is under attack, Junos OS identifies the target host IP address while the local policy forwards attacking packets to the discard interface.

Discard Interface Configuration

Keep the following guidelines in mind when configuring the discard interface:

  • Only the logical interface unit 0 is supported.

  • A discard interface can have only one logical unit (unit 0), but you can configure multiple IP addresses on that unit.

  • The filter and address statements are optional.

  • Although you can configure an input filter and a filter group, these configuration statements have no effect because traffic is not transmitted from the discard interface.

  • The discard interface does not support class of service (CoS).

Configure the Discard Interface

To configure a discard interface:

  1. In configuration mode, navigate to the [edit interfaces] hierarchy level.
  2. Configure the discard interface. Note that you must use dsc to configure the discard interface and ensure that no other discard interface is already configured.
  3. Configure the logical interface (unit 0) and the protocol family.
  4. (Optional) Apply an output filter to the discard interface.
  5. Commit the configuration and go to the top of the hierarchy level.

Configure an Output Policy

You must configure an output policy to set up the community on the routes injected into the network.

To configure an output policy:

  1. In configuration mode, go to the [edit policy-options] hierarchy level.
  2. Configure a routing policy.
  3. Configure a policy term with a name.
  4. Configure the list of prefix-lists of routes to match with a name.
  5. Configure the action that is to be taken when the if and to conditions match with the then statement. In this case, configure the BGP community properties (set, add, and delete) associated with a route.
  6. Commit the configuration and go to the top of the hierarchy level.
Release History Table
Release
Description
20.1
Starting in Junos OS release 20.1, for MX Series routers, the discard interface is also supported for the inet6 family.