Juniper DOS/Blackhole question
jbates at brightok.net
Sun Oct 23 01:38:30 UTC 2011
Considered j-nsp, but this just feels more nanog appropriate.
I'm told by one of my NSPs that I'm connected to a juniper. We were
dealing with a DOS, and for some reason remote triggered DOS prevention
via BGP wasn't working. The NOC said they had to enable multihop to my
peering to make it work, otherwise it wouldn't accept the route. This
seems strange to me. Any idea why a route would be rejected unless
multihop was enabled?
Also, any idea why a Juniper couldn't handle a simple 750mbit/s, 1.5Mpps
DOS? Don't get me wrong, it could have been more than that. I was just
receiving that much of the DOS and my lower end m120 didn't seem to
think it an issue, so I'm curious why I was dropping packets on the link
to begin with. Interestingly, I have an OC-12 to another NSP who was
also dropping after around 1.2Mpps (last time I asked, they said the
oc-12 hit a cisco 7600).
More information about the NANOG