Junos – DDoS protection

Recently, we observed latency in an application whose traffic transits a Junos device.

We could not find any errors, QoS problems, or other network-related issues.

We observed DDoS logs in Junos:

<28>1 2024-04-25T18:11:03.625Z  xxx jddosd 2211 DDOS_PROTOCOL_VIOLATION_SET [junos@2636.1.1.1.4.82.5 protocol-name="Redirect:aggregate" source-name="fpc 0" repeat-count="51" time-first-detected="2024-04-25 18:11:03 UTC"] Warning: Host-bound traffic for protocol/exception Redirect:aggregate exceeded its allowed bandwidth at fpc 0 for 51 times, started at 2024-04-25 18:11:03 UTC
<28>1 2024-04-25T18:16:04.110Z xxx jddosd 2211 DDOS_PROTOCOL_VIOLATION_CLEAR [junos@2636.1.1.1.4.82.5 protocol-name="Redirect:aggregate" source-name="fpc 0" repeat-count="51" time-first-detected="2024-04-25 18:11:03 UTC" time-last-detected="2024-04-25 18:11:03 UTC"] INFO: Host-bound traffic for protocol/exception Redirect:aggregate has returned to normal. Its allowed bandwidth was exceeded at fpc 0 for 51 times, from 2024-04-25 18:11:03 UTC to 2024-04-25 18:11:03 UTC

The links below explain DDoS protection in Junos and ICMP redirects:

https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/ref/statement/ddos.html

https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/nx-os-software/213841-understanding-icmp-redirect-messages.html
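
To see how long each host-bound policer stayed in violation, the SET and CLEAR messages above can be paired by script. The following Python is an added example, not part of the original post or of Junos tooling; it assumes the structured syslog layout shown in the two log lines, and the names parse and violations are hypothetical.

```python
import re
from datetime import datetime

# The two jddosd messages from the post; free-text part shortened, host "xxx" as posted.
SAMPLE = [
    '<28>1 2024-04-25T18:11:03.625Z  xxx jddosd 2211 DDOS_PROTOCOL_VIOLATION_SET '
    '[junos@2636.1.1.1.4.82.5 protocol-name="Redirect:aggregate" source-name="fpc 0" '
    'repeat-count="51" time-first-detected="2024-04-25 18:11:03 UTC"] Warning: (text shortened)',
    '<28>1 2024-04-25T18:16:04.110Z xxx jddosd 2211 DDOS_PROTOCOL_VIOLATION_CLEAR '
    '[junos@2636.1.1.1.4.82.5 protocol-name="Redirect:aggregate" source-name="fpc 0" '
    'repeat-count="51" time-first-detected="2024-04-25 18:11:03 UTC" '
    'time-last-detected="2024-04-25 18:11:03 UTC"] INFO: (text shortened)',
]

# <PRI>VERSION TIMESTAMP HOST APP PROCID MSGID [SD-ID key="value" ...]
HEADER = re.compile(r'^<(?P<pri>\d+)>1\s+(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<app>\S+)'
                    r'\s+\S+\s+(?P<msgid>\S+)\s+\[(?P<sd>[^\]]*)\]')
PARAM = re.compile(r'([\w-]+)="([^"]*)"')

def parse(line):
    """Return one jddosd event as a dict, or None for any other line."""
    m = HEADER.match(line)
    if not m or m['app'] != 'jddosd':
        return None
    ev = dict(PARAM.findall(m['sd']))
    ev.update(host=m['host'], msgid=m['msgid'], severity=int(m['pri']) % 8,
              ts=datetime.fromisoformat(m['ts'].replace('Z', '+00:00')))
    return ev

def violations(lines):
    """Pair each VIOLATION_SET with the matching CLEAR per (host, protocol, source)."""
    pending, out = {}, []
    for ev in filter(None, map(parse, lines)):
        key = (ev['host'], ev.get('protocol-name'), ev.get('source-name'))
        if ev['msgid'] == 'DDOS_PROTOCOL_VIOLATION_SET':
            pending.setdefault(key, ev)          # keep the earliest unmatched SET
        elif ev['msgid'] == 'DDOS_PROTOCOL_VIOLATION_CLEAR':
            start = pending.pop(key, None)       # None: SET fell outside the log window
            out.append({'key': key, 'repeat_count': int(ev.get('repeat-count', 0)),
                        'seconds': (ev['ts'] - start['ts']).total_seconds() if start else None,
                        'active': False})
    # A SET with no CLEAR means the policer is still in violation at the end of the log.
    out += [{'key': k, 'repeat_count': int(e.get('repeat-count', 0)), 'seconds': None,
             'active': True} for k, e in pending.items()]
    return out

if __name__ == '__main__':
    for v in violations(SAMPLE):
        print(v)
```

Run over a longer log export, the per-key durations and repeat counts can be lined up against the times the application latency was reported.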

