The following log messages are seen:
test1[1000]: DDOS_PROTOCOL_VIOLATION_SET: Protocol Sample:pfe is violated at fpc 0 for 92 times, started at 2013-09-12 14:36:46 EDT, last seen at 2013-09-12 14:36:46 EDT
even though sampling is not configured on the router.
This is not a DDOS attack, and it does not indicate an error condition.
These logs are seen if "then log", "then syslog" or "then sample" is configured in a firewall filter and the rate of logged or sampled packets is above the distributed denial-of-service (DDoS) threshold.
The DDOS threshold for this packet type can be raised if desired.
http://www.juniper.net/techpubs/en_US/junos/topics/task/configuration/subscriber-management-ddos-packet.html
This command shows the currently configured thresholds:
show ddos-protection protocols parameters brief | match sample
Here are the column headers and default values:
lab@mx1> show ddos-protection protocols parameters brief
Packet types: 192, Modified: 0
* = User configured value

Protocol    Packet      Bandwidth  Burst   Priority  Recover    Policer  Bypass  FPC
group       type        (pps)      (pkts)            time(sec)  enabled  aggr.   mod
(snip)

lab@Wicket> show ddos-protection protocols parameters brief | match sample
sample      aggregate   1000       1000    --        300        yes      --      no
sample      syslog      1000       1000    Medium    300        yes      no      no
sample      host        1000       1000    Medium    300        yes      no      no
sample      pfe         1000       1000    Medium    300        yes      no      no
sample      tap         1000       1000    Medium    300        yes      no      no
This command gives more detailed output:
lab@BigHunk-re0> show ddos-protection protocols sample ?
Possible completions:
  <[Enter]>            Execute this command
  |                    Pipe through a command
  parameters           Show Sample protocol parameters
  statistics           Show Sample statistics and states
  violations           Show Sample traffic violations
  aggregate            Show aggregate for all sampled traffic information
  syslog               Show Syslog sample traffic information
  host                 Show Host sample traffic information
  pfe                  Show PFE sample traffic information
  tap                  Show Tap sample traffic information

lab@BigHunk-re0> show ddos-protection protocols sample pfe
Protocol Group: Sample

  Packet type: pfe (PFE sample traffic)
    Individual policer configuration:
      Bandwidth:        10000 pps
      Burst:            10000 packets
      Priority:         medium
      Recover time:     300 seconds
      Enabled:          Yes
      Bypass aggregate: No
    System-wide information:
      Bandwidth is never violated
      Received:  0                   Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 0 pps
    Routing Engine information:
      Bandwidth: 10000 pps, Burst: 10000 packets, enabled
      Policer is never violated
      Received:  0                   Arrival rate:     0 pps
      Dropped:   0                   Max arrival rate: 0 pps
        Dropped by aggregate policer: 0
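For triaging these messages in collected syslog, the following added example (not part of the original article and not Juniper code) parses DDOS_PROTOCOL_VIOLATION_SET lines in the format shown above and separates Sample-group violations, which this article attributes to firewall filter log, syslog or sample actions, from other protocol groups. The function names, the verdict labels, and the rule that every Sample packet type is handled like Sample:pfe are assumptions; only the first sample line comes from this article, the rest are constructed.

```python
import re

# Field layout taken from the DDOS_PROTOCOL_VIOLATION_SET message shown in this article.
VIOLATION_RE = re.compile(
    r"DDOS_PROTOCOL_VIOLATION_SET: Protocol (?P<group>[^:\s]+):(?P<ptype>\S+) "
    r"is violated at fpc (?P<fpc>\d+) for (?P<count>\d+) times, "
    r"started at (?P<started>.+?), last seen at (?P<last_seen>.+)$"
)

def parse_violation(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = VIOLATION_RE.search(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["fpc"], rec["count"] = int(rec["fpc"]), int(rec["count"])
    return rec

def triage(rec):
    """Assumption: every Sample packet type is treated like Sample:pfe."""
    if rec["group"].lower() == "sample":
        return "filter-action"  # then log / then syslog / then sample above threshold
    return "investigate"        # other protocol groups are not covered by this article

def summarize(lines):
    """Per (verdict, group:type, fpc): message count and most recent 'last seen'."""
    out = {}
    for line in lines:
        rec = parse_violation(line)
        if rec is None:
            continue
        key = (triage(rec), f'{rec["group"]}:{rec["ptype"]}', rec["fpc"])
        entry = out.setdefault(key, {"messages": 0, "last_seen": None})
        entry["messages"] += 1
        entry["last_seen"] = rec["last_seen"]  # assumes lines arrive in time order
    return out

# First line is the message from this article; the rest are constructed samples.
SAMPLE_LOG = [
    "test1[1000]: DDOS_PROTOCOL_VIOLATION_SET: Protocol Sample:pfe is violated at fpc 0 for 92 times, started at 2013-09-12 14:36:46 EDT, last seen at 2013-09-12 14:36:46 EDT",
    "test1[1000]: DDOS_PROTOCOL_VIOLATION_SET: Protocol Sample:pfe is violated at fpc 0 for 8 times, started at 2013-09-12 14:41:10 EDT, last seen at 2013-09-12 14:41:12 EDT",
    "test1[1000]: DDOS_PROTOCOL_VIOLATION_SET: Protocol ICMP:aggregate is violated at fpc 1 for 5 times, started at 2013-09-12 14:42:00 EDT, last seen at 2013-09-12 14:42:03 EDT",
    "test1[1000]: some unrelated message",
]

if __name__ == "__main__":
    for key, entry in sorted(summarize(SAMPLE_LOG).items()):
        print(key, entry)
```

A "filter-action" verdict points at reviewing the firewall filter terms or the Sample thresholds shown above rather than opening an attack investigation.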