Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The service enables users to mitigate active attacks aimed at their network equipment.
It is based on the creation of dynamic firewall filters that are applied to the network using the management protocol NETCONF and are propagated to compatible (Juniper) backbone network devices via BGP flowspec NLRI.
In order to properly complete the application for a new filter is essential that the destination address belongs to the user's administrative network.
Currently attacks are limited to to protect IPv4 targets and per /29 subnet and for IPv6 targets limited to /64 subnets.
Requests for new filters are applied directly to the network and therefore users should pay extra attention in their request. Filters that have been applied to the network are removed after their expiry date, and users can activate then again by selecting the corresponding option.
Moreover, users are given the option for early deactivation of their requests.

...