Routing Policy and Firewall Filters
-
Improved DDoS protection protocol prioritization (MX104, MX204, MX240, MX304, MX480, MX960, MX2008, MX2010, MX2020, MX10003, MX10004, MX10008, and MX10016)—In releases before Junos OS Release 23.2R1, the type of line card in the device drives the distributed denial of service (DDoS) priority of incoming protocols. Starting in Junos OS Release 23.2R1, the device determines the DDoS priority of a protocol based on the DDoS parameters table. This enhancement enables the device to treat all packets of a particular protocol the same by default, regardless of the device's line card. This feature improves consistency in the way devices in the network prioritize protocols to protect against DDoS attacks. You can change the priority using the edit system ddos-protection protocol proto-name (aggregate | subtype) priority level CLI command. [See Default DDOS Priority in the DDOS Parameters Table, Control Plane Distributed Denial-of-Service (DDoS) Protection Overview and protocols (DDoS).]
-
Improved DDoS protocol classification for ARP request and reply traffic (MX Series)—Starting in Junos OS Release 23.2R1, you can configure separate DDoS protocol packet-types, bcast and ucast, at the [edit system ddos-protection protocols arp] hierarchy level for ARP request and reply traffic. The separate DDoS policers provide improved packet rate limiting and priority handling for the ARP traffic. Prior to this release, the ARP request and reply traffic had a single DDoS protocol. [See protocols (DDoS) and show ddos-protection protocols.]