[j-nsp] Mpls down qfx 5100

Discussion:

Rodrigo 1telecom

2018-11-10 21:05:55 UTC

Hi folks.... recently we have some trouble with some mpls tunnels.... sometime these tunnels goes down:
Follow out logfiles:

Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]: DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]: DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Can someone help us?
Enviado via iPhone 
Grupo Connectoway
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/m

Saku Ytti

2018-11-11 08:59:19 UTC

Permalink

Hey,

These are not related to your issue.,

The first one is complaining that you got bunch of packets to your
device with TTL==1, you need to punt these and generate TTL exceeded
message. Because it's done in software, it's limited to certain amount
of packets.
This is operationally normal during convergence due to microloops and such.

The second one is complaining that packet came in which wanted to go
out via interface which has smaller MTU, these also need to be punted
so we can generate fragmentation needed but DF set message. Doesn't
indicate anything to help with your original problem, but you might
want to know why do you have such an small egress MTU, ideally you
wouldn't ever decrease MTU inside your network.

What ever your problem is, no one can help you with these messages.

Post by Rodrigo 1telecom
Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]: DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Nov 9 20:03:42 PE-REC-A01-BKB-SW-001 jddosd[1769]: DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Can someone help us?
Enviado via iPhone 
Grupo Connectoway
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp

--
++ytti
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/

Rodrigo Augusto

2018-11-12 14:37:27 UTC

Permalink

Ok. I will put this configuration.
Protocol Group: L3MTU-fail

Packet type: aggregate (Aggregate for L3 MTU Check fail)
Aggregate policer configuration:
Bandwidth: 500 pps*
Burst: 10 packets
Recover time: 300 seconds
Enabled: Yes
Flow detection configuration:
Detection mode: Automatic Detect time: 0 seconds
Log flows: Yes Recover time: 0 seconds
Timeout flows: No Timeout time: 0 seconds

Already put
Thanks a lot..

Rodrigo Augusto
Diretor BackBone IP Grupo Um
http://www.connectoway.com.br <http://www.connectoway.com.br/>
http://www.1telecom.com.br <http://www.1telecom.com.br/>
* rodrigo@ <mailto:***@connectoway.com.br>1telecom.com.br
( (81) 3497-6060
( INOC-DBA 52965*100

Post by Saku Ytti
Hey,
These are not related to your issue.,
The first one is complaining that you got bunch of packets to your
device with TTL==1, you need to punt these and generate TTL exceeded
message. Because it's done in software, it's limited to certain amount
of packets.
This is operationally normal during convergence due to microloops and such.
The second one is complaining that packet came in which wanted to go
out via interface which has smaller MTU, these also need to be punted
so we can generate fragmentation needed but DF set message. Doesn't
indicate anything to help with your original problem, but you might
want to know why do you have such an small egress MTU, ideally you
wouldn't ever decrease MTU inside your network.
What ever your problem is, no one can help you with these messages.

Post by Rodrigo 1telecom
Hi folks.... recently we have some trouble with some mpls tunnels....
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc
0 for 212 times, started at 2018-11-09 20:03:41 BRT
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth
at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Can someone help us?
Enviado via iPhone
Grupo Connectoway
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp

--
++ytti

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Rodrigo Augusto

2018-11-12 15:17:59 UTC

Permalink

This post might be inappropriate. Click to display it.

Saku Ytti

2018-11-12 15:23:23 UTC

Permalink

No 500pps won't be enough to avoid drops, your arrival rate was
226kpps. But like I said in the original post, these are not
indicative of your problem.

These, particularly TTL==0 is normal consequence of routing convergence.

So I do not recommend spending time on this, as it's not going to fix
what ever issue you're talking about.

Post by Rodrigo Augusto
Protocol Group: L3MTU-fail
Packet type: aggregate (Aggregate for L3 MTU Check fail)
Bandwidth: 50 pps
Burst: 10 packets
Recover time: 300 seconds
Enabled: Yes
Detection mode: Automatic Detect time: 0 seconds
Log flows: Yes Recover time: 0 seconds
Timeout flows: No Timeout time: 0 seconds
Aggregation level Detection mode Control mode Flow rate
Subscriber Automatic Drop 0 pps
Logical interface Automatic Drop 0 pps
Physical interface Automatic Drop 50 pps
Aggregate bandwidth is being violated!
No. of FPCs currently receiving excess traffic: 1
No. of FPCs that have received excess traffic: 1
Violation first detected at: 2018-11-12 11:28:10 BRT
Violation last seen at: 2018-11-12 11:33:00 BRT
Duration of violation: 00:04:50 Number of violations: 219
Received: 64825768 Arrival rate: 2387 pps
Dropped: 51410693 Max arrival rate: 225833 pps
After I put this parameter to 500 pps, so I have a question, does this
value is enough for this violation?
Rodrigo Augusto
Diretor BackBone IP Grupo Um
http://www.connectoway.com.br <http://www.connectoway.com.br/>
http://www.1telecom.com.br <http://www.1telecom.com.br/>
( (81) 3497-6060
( INOC-DBA 52965*100

Post by Rodrigo 1telecom
Hi folks.... recently we have some trouble with some mpls tunnels....
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception TTL:aggregate exceeded its allowed bandwidth at fpc
0 for 212 times, started at 2018-11-09 20:03:41 BRT
DDOS_PROTOCOL_VIOLATION_SET: Warning: Host-bound traffic for
protocol/exception L3MTU-fail:aggregate exceeded its allowed bandwidth
at fpc 0 for 212 times, started at 2018-11-09 20:03:41 BRT
Can someone help us?
Enviado via iPhone •
Grupo Connectoway
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp

--
++ytti

--
++ytti
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether

Ivan Malyarchuk

2018-11-12 15:19:45 UTC

Permalink

This post might be inappropriate. Click to display it.