DDoS Protection Flow Detection

Flow detection is an enhancement to DDoS protection that supplements the DDoS policer hierarchies. When you enable flow detection by including the flow-detection statement at the [edit system ddos-protection global] hierarchy level, a limited amount of hardware resources are used to monitor the arrival rate of host-bound flows of control traffic. This behavior makes flow detection highly scalable compared to filter policers, which track all flows and therefore consume a considerable amount of resources. Flows that violate a DDoS protection policer are tracked as suspicious flows; they become culprit flows when they violate the policer bandwidth for the duration of a configurable detection period. Culprit flows are dropped, kept, or policed to below the allowed bandwidth level. Suspicious flow tracking stops if the violation stops before the detection period expires.

Product / Application	Software	Introduced Release
MX5	Junos OS	12.3R1
MX10	Junos OS	12.3R1
MX40	Junos OS	12.3R1
MX80	Junos OS	12.3R1
MX104	Junos OS	13.2R2
MX150	Junos OS	17.3R1
MX204	Junos OS	17.4R1
MX240	Junos OS	12.3R1
MX301	Junos OS	25.4R1
MX304	Junos OS	22.2R3
MX480	Junos OS	12.3R1
MX960	Junos OS	12.3R1
MX2010	Junos OS	19.3R2
MX2020	Junos OS	19.3R2
MX10003	Junos OS	17.3R1
MX10004	Junos OS	22.3R1
MX10008	Junos OS	18.2R1
MX10016	Junos OS	19.2R1
vMX	Junos OS	14.1R5

Feature Explorer AI

DDoS Protection Flow Detection

404: Page not found.

DDoS Protection Flow Detection