[j-nsp] Next-hop resolution requests from interface 67 throttled

Hannes Gredler hannes at juniper.net
Wed Sep 13 09:28:01 EDT 2006


jason,

the message in the subject line is unrelated to firewalls.

throttled NH resolution request does mean that forwarded traffic
*towards* if67 could not get forwarded in lieu of a specific
/32 route in the forwarding table. this forwarding only route
gets inserted when a ARP response does arrive.

if ifl is a large subnet or there are high volume IP stream
going to that destination the resolver tries to self-protect himself
by trashing all traffic to not-yet-resolved IP destinations
on that subnet for 1s.

--

if you want to know where the traffic towards ifl 69 does enter the box
then yes, you need to setup traffic sampling.

/hannes

Jason J. W. Williams wrote:
> Hello,
> 
> Is it possible to determine from the logs which IPs were triggering a
> firewall rule rate limiting ICMP to the firewall engine? Or must one
> set up a sampling action?
> 
> Best Regards,
> Jason
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list