DDoS protection flow detection for enhanced subscriber management

Enhanced subscriber management supports flow detection for DDoS protection. Enable flow detection by including the flow-detection statement at the [edit system ddos-protection global] hierarchy level. Flows that violate a DDoS protection policer are tracked as suspicious flows; they become culprit flows when they violate the policer bandwidth for the duration of a configurable detection period. Culprit flows are dropped, kept, or policed to below the allowed bandwidth level. Suspicious flow tracking stops if the violation stops before the detection period expires. Most flow detection attributes are configured at the packet level or flow aggregation level of the CLI hierarchy ([edit system ddos-protection protocols protocol-group packet-type]). By default, flow detection automatically generates reports for events associated with the identification and tracking of culprit flows and bandwidth violations. Use commands at the show ddos-protection hierarchy level and culprit-flows or culprit-flows detail to display flow detection information and statistics on the basis of protocol, packet type, or subscriber management.