[j-nsp] Default ARP policer
Kisito Nguene Ndoum
kisito at juniper.net
Tue Mar 16 09:06:37 EST 2004
See "policer" statement here, under "family" :
http://www.juniper.net/techpubs/software/junos/junos62/swconfig62-interfaces/html/interfaces-summary79.html#1321432
Example :
[edit]
user at router# show interfaces fe-0/0/3
unit 0 {
family inet {
policer {
arp My_ARP_Policer; <<<<<<<
}
address 4.4.4.1/24;
}
}
[edit]
user at router# show firewall
policer My_ARP_Policer {
if-exceeding {
bandwidth-limit 3m;
burst-size-limit 30k;
}
}
- Kisito
At 12:40 AM 3/16/2004, Frederik Egres wrote:
>Hello,
>
>I did realize on our M20 that it drops some ARP packets received from the
>gigabit network and
>it's due to the default arp policer :
>
>Policers:
>Name Packets
>__default_arp_policer__ 46630134
>
>We know that we have too many arp traffic on our network but I would like
>to know how to change the bandwidth and burst parameter of this default
>policer. This doesn't seem documented.
>Also how to remove it ?
>
>We know about per-interface arp policer but unless it can scale to
>thousands of vlans, we would prefer the aggregate default arp policer.
>
>It appears also that the incoming ARP replies on the M20, matching ARP
>requests previously sent, are never dropped by the policer. Like if
>policer keeps a table of the pending request/reply ?
>
>Thanks,
>-F.
>
>_________________________________________________________________
>Få alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list