[c-nsp] Broadcast storm control
Phil Mayers
p.mayers at imperial.ac.uk
Thu Nov 8 05:18:42 EST 2007
On Tue, 2007-11-06 at 19:39 +0100, Daniel Dib wrote:
> Hey Michael.
>
> Here is something you can try out. Instead of using CoPP to limit ARP, use
> the hardware-based rate limiters.
>
> mls rate-limit unicast cef glean 20000 60 - This limits the number of
> ARP-packets punted to the RP of the type glean. This will occur when
> traffic is sent to a connected host for which the router has no
> MAC-address

I'm sure it's a typo, but I think you mean "limits the number of IP
packets without a destination ARP entry".

As you say lower down, the command for limiting ARP packets is
different.

> that this does not limit the actual number of ARP-packets passing through
> the router. The numbers here are an example and you should try out values
> that work for you.
>
> Also check out mls qos protocol arp police 64000 - This will limit the
> number of ARP-packets headed to the RP and also through the router. The
> value is in kbit/s. Once again find your own value for this limiter.

Tediously, it's a box-global. Ideally I'd like:

  mls qos protocol arp police 10 pps per-mac

A single host can kick out thousands of ARP requests/sec and thus
trigger the rate limiter which then stops all ARP requests on all
interfaces :o(
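
The collateral damage described above, as an added illustration that is not part of the original post: a token-bucket model comparing one box-global ARP policer with a per-MAC policer. The rates, burst size, host names and traffic mix are constructed assumptions, and the model counts packets per second rather than reproducing the platform's actual policer.

```python
from collections import defaultdict

class TokenBucket:
    """Packets-per-second policer: refills at `rate`/s, holds up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def constructed_arp_trace(seconds=5, noisy_pps=2000, quiet_hosts=20):
    """Constructed sample: one host flooding ARP, 20 hosts sending 1 ARP/s each."""
    events = []
    for s in range(seconds):
        for i in range(noisy_pps):
            events.append((s + i / noisy_pps, "noisy"))
        for h in range(quiet_hosts):
            events.append((s + (h + 0.5) / quiet_hosts, f"quiet-{h:02d}"))
    return sorted(events)

def simulate(events, rate, burst, per_mac):
    """Return {mac: (forwarded, dropped)} under a global or a per-MAC policer."""
    global_bucket = TokenBucket(rate, burst)
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    stats = defaultdict(lambda: [0, 0])
    for now, mac in events:
        bucket = buckets[mac] if per_mac else global_bucket
        stats[mac][0 if bucket.allow(now) else 1] += 1
    return {mac: tuple(counts) for mac, counts in stats.items()}

def quiet_loss(stats):
    """Fraction of ARP from the well-behaved hosts that the policer dropped."""
    fwd = sum(f for mac, (f, d) in stats.items() if mac != "noisy")
    drop = sum(d for mac, (f, d) in stats.items() if mac != "noisy")
    return drop / (fwd + drop)

if __name__ == "__main__":
    trace = constructed_arp_trace()
    print("global :", quiet_loss(simulate(trace, 100, 10, per_mac=False)))
    print("per-MAC:", quiet_loss(simulate(trace, 10, 10, per_mac=True)))
```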