[f-nsp] MLX IPv6 NCE
nick at ramnode.com
nick at ramnode.com
Fri Mar 15 19:36:02 EDT 2019
I tweaked “nd ns-interval” and the problem hasn’t returned yet. I will try your recommendation if it comes back. Thank you.
Regards,
Nick
From: Jörg Kost <jk at ip-clear.de>
Sent: Friday, March 15, 2019 4:53 PM
To: nick at ramnode.com
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] MLX IPv6 NCE
Hi Nick,
does
show ipv6 | include host drop cam
(config)#ipv6 max-host-drop-cam 256
resolve this issue?
Doc says:
To limit the usage of CAM by IPV6 hosts with unresolved ND, enter the ipv6 max-host-drop-cam
command.
Jörg
On 16 Feb 2019, at 20:42, nick at ramnode.com <mailto:nick at ramnode.com> wrote:
Hello,
We sometimes encounter neighbor cache exhaustion attacks on our network. A remote IP beings scanning large portions of our customer IPv6 ranges, the IPv6 neighbor table on our router (MLX/XMR) fills up with INCOMP status entries, and connectivity remains impacted until the neighbor table is manually cleared.
What settings should we use to prevent the table from filling up with and maintaining so many INCOMP entries?
Regards,
Nick
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net <mailto:foundry-nsp at puck.nether.net>
<http://puck.nether.net/mailman/listinfo/foundry-nsp> http://puck.nether.net/mailman/listinfo/foundry-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20190315/3424af90/attachment-0001.html>
More information about the foundry-nsp
mailing list