Juniper DOS/Blackhole question

Jack Bates jbates at brightok.net
Sat Oct 22 20:38:30 CDT 2011


Considered j-nsp, but this just feels more nanog appropriate.

I'm told by one of my NSPs that I'm connected to a juniper. We were 
dealing with a DOS, and for some reason remote triggered DOS prevention 
via BGP wasn't working. The NOC said they had to enable multihop to my 
peering to make it work, otherwise it wouldn't accept the route. This 
seems strange to me. Any idea why a route would be rejected unless 
multihop was enabled?

Also, any idea why a Juniper couldn't handle a simple 750mbit/s, 1.5Mpps 
DOS? Don't get me wrong, it could have been more than that. I was just 
receiving that much of the DOS and my lower end m120 didn't seem to 
think it an issue, so I'm curious why I was dropping packets on the link 
to begin with. Interestingly, I have an OC-12 to another NSP who was 
also dropping after around 1.2Mpps (last time I asked, they said the 
oc-12 hit a cisco 7600).


Jack



More information about the NANOG mailing list