[f-nsp] MLX IPv6 NCE
Jörg Kost
jk at ip-clear.de
Fri Mar 15 16:52:51 EDT 2019
Hi Nick,
does
> show ipv6 | include host drop cam
(config)#ipv6 max-host-drop-cam 256
resolve this issue?
Doc says:
To limit the usage of CAM by IPV6 hosts with unresolved ND, enter the
ipv6 max-host-drop-cam
command.
Jörg
On 16 Feb 2019, at 20:42, nick at ramnode.com wrote:
> Hello,
>
>
>
> We sometimes encounter neighbor cache exhaustion attacks on our
> network. A
> remote IP beings scanning large portions of our customer IPv6 ranges,
> the
> IPv6 neighbor table on our router (MLX/XMR) fills up with INCOMP
> status
> entries, and connectivity remains impacted until the neighbor table is
> manually cleared.
>
>
>
> What settings should we use to prevent the table from filling up with
> and
> maintaining so many INCOMP entries?
>
> Regards,
>
> Nick
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20190315/4ead00b1/attachment.html>
More information about the foundry-nsp
mailing list