For now, service ids support only the mode mirror
set service ids ddos-protection mode mirror
It requires a lot of resources to monitor packets for this mode.
Add mode sflow that requires less resources.
set service ids ddos-protection mode sflow
Description
Description
Details
Details
- Difficulty level
- Unknown (require assessment)
- Version
- -
- Why the issue appeared?
- Will be filled on close
- Is it a breaking change?
- Unspecified (possibly destroys the router)
- Issue type
- Improvement (missing useful functionality)
Event Timeline
Comment Actions
PR https://github.com/vyos/vyos-1x/pull/2105
set system sflow interface 'eth0' set system sflow interface 'eth1' set system sflow server 127.0.0.1 set service ids ddos-protection direction 'in' set service ids ddos-protection mode 'sflow' set service ids ddos-protection network '192.0.2.0/24' set service ids ddos-protection sflow listen-address '127.0.0.1' set service ids ddos-protection sflow port '6343' set service ids ddos-protection threshold general pps '10000'