On Sep 24, 2025, at 12:42 PM, Saku Ytti <[email protected]> wrote: > > There are plenty of reasons to punt L2 frames, regardless of IRB. E.g. > LACP, LLDP, STP, DHCP snooping.
Good point. I figured that L2 was going to be data plane only. > If you capture on the PFE-RE interface (em0 or something like that, > depending on platform) OK, I think I've got ahold of that (bme0 in this case). The packets aren't decodable (yet) but I am seeing some small spikes to ~150pps that correspond with a DDOS violation. Would love to see the Lua scripts or any info on stripping/skipping the internal headers to see the contents of the packets and try to classify them. Leafing through I'm seeing some mDNS and other stuff embedded in the packets but would be helpful to categorize and graph. Thanks, Jason _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
