[j-nsp] routing engine protection (rate-limiting ARP traffic, policing by pps, best-practises guidelines) on JunOS

Johannes Resch jr at xor.at
Sun Jan 22 05:10:54 EST 2006


Greetings!

I'm currently building a control-plane filter for M-series routers and
I'd like to police the maximum ARP traffic allowed to the RE, in case
Something Bad (tm) happens on connected ethernet networks.

How can this be achieved with JunOS 7.4? I was unable to find a way to
match ARP traffic in a firewall filter term.
(In cisco CoPP I can specify "match protocol arp" for this)

Regarding the same subject (control plane protection): is it possible to
police traffic based on packet/sec counters instead of bw only?
This would also come handy for RE protection - I'd rather have ICMP
traffic policed by pps than bandwidth, for example.

If somebody knows any documentation or best-practices guidelines
regarding how to efficiently do RE protection on JunOS, I'd be grateful
for pointers.

regards,
-jr



More information about the juniper-nsp mailing list