
DDOS_PROTOCOL_VIOLATION_SET: Protocol Rejectv6:aggregate is violated
Closed, Resolved (Public)

Description

Getting this syslog message on almost all the MX routers:

DDOS_PROTOCOL_VIOLATION_SET: Protocol Rejectv6:aggregate is violated

This happens when a packet is sent toward an IP that is part of an aggregate route, but not part of a more specific route.
For example, port scans on whole ranges, etc.

The default behavior for the router is to reply to that request with a reject packet, which could lead to overwhelming the router if sent in high volume.

The recommended fix is to silently ignore it:

[edit routing-options aggregate]
+    defaults {
+        discard;
+    }
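Review bot: the counter that fired is Rejectv6, but this hunk only sets `defaults { discard; }` under [edit routing-options aggregate]; if the IPv6 aggregates are configured under a separate `rib inet6.0 aggregate` stanza they need the same `defaults { discard; }` block there, so it is worth checking after the commit that the v6 aggregates actually show Discard rather than Reject as their next hop. Two related caveats worth noting in the task: an explicit `reject` on an individual aggregate statement overrides `defaults`, and generated routes (`generate`) have their own `defaults` and are not covered by this change.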

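The mechanism described above, as an added illustration that is not code from this task or from Junos: a longest-prefix-match lookup over a constructed routing table with one covering aggregate per address family, where the aggregate carries either the reject action (the Junos default) or discard. Scanning a block of addresses shows how many packets fall through to the aggregate and make the router generate a reply, which is the control-plane load the DDoS policer is counting. All prefixes and addresses are constructed documentation ranges, not Wikimedia's.

```python
"""Why an aggregate route with a reject next hop turns a range scan into
control-plane work, and why `aggregate defaults discard` stops that.

Added illustration for this task, not code from the task or from Junos.
Prefixes below are constructed documentation ranges (RFC 3849 / RFC 5737).
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Route actions, using the Junos names the task uses:
#   FORWARD: a more-specific route with a real next hop (traffic is delivered)
#   REJECT:  drop and generate an ICMP/ICMPv6 unreachable back to the sender
#            (work for the control plane, which the DDoS policer counts)
#   DISCARD: drop silently (no reply, nothing for the policer to count)
FORWARD, REJECT, DISCARD = "forward", "reject", "discard"


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network | ipaddress.IPv6Network
    action: str
    aggregate: bool = False  # True for the covering aggregate route


def build_table(aggregate_default: str) -> list[Route]:
    """Constructed routing table: one aggregate per address family plus the
    more-specific routes actually in use. `aggregate_default` is the action
    the aggregates carry, i.e. what `aggregate defaults { reject | discard }`
    would give them (reject is the Junos default)."""
    net = ipaddress.ip_network
    return [
        Route(net("2001:db8::/32"), aggregate_default, aggregate=True),
        Route(net("2001:db8:1::/48"), FORWARD),
        Route(net("2001:db8:2::/48"), FORWARD),
        Route(net("198.51.100.0/24"), aggregate_default, aggregate=True),
        Route(net("198.51.100.0/25"), FORWARD),
    ]


def lookup(table: list[Route], dst: str) -> Route | None:
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table
               if r.prefix.version == addr.version and addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def generates_reply(table: list[Route], dst: str) -> bool:
    """True when a packet to dst makes the router send an unreachable,
    i.e. it fell through to an aggregate whose action is reject."""
    route = lookup(table, dst)
    return route is not None and route.action == REJECT


def scan_reply_count(table: list[Route], scanned: str) -> int:
    """Number of addresses in a scanned block that each trigger a reply from
    the router; this is the load a range scan puts on the control plane."""
    return sum(generates_reply(table, str(a))
               for a in ipaddress.ip_network(scanned))


if __name__ == "__main__":
    for default in (REJECT, DISCARD):
        table = build_table(default)
        print(f"aggregate defaults {default}:",
              "2001:db8:1::1 ->", lookup(table, "2001:db8:1::1").action + ",",
              "2001:db8:ffff::1 ->", lookup(table, "2001:db8:ffff::1").action + ",",
              "replies to a scan of 198.51.100.0/24:",
              scan_reply_count(table, "198.51.100.0/24"))
```

With the reject default, every address in the unused half of 198.51.100.0/24 (and anything in 2001:db8::/32 outside the two /48s) costs the router a generated reply; with discard the same packets are dropped in the forwarding plane and the Rejectv6 policer has nothing to count.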
Event Timeline


Mentioned in SAL (#wikimedia-operations) [2017-08-28T17:11:07Z] <XioNoX> pushing "aggregate defaults discard" to cr2-knams - T174364

Mentioned in SAL (#wikimedia-operations) [2017-08-28T17:59:43Z] <XioNoX> pushing "aggregate defaults discard" to *ams - T174364

Mentioned in SAL (#wikimedia-operations) [2017-08-28T20:53:30Z] <XioNoX> pushing "aggregate defaults discard" to all the cr* routers - T174364