[j-nsp] Next-hop resolution requests from interface 67 throttled
Hannes Gredler
hannes at juniper.net
Wed Sep 13 09:28:01 EDT 2006
jason,
the message in the subject line is unrelated to firewalls.
throttled NH resolution request does mean that forwarded traffic
*towards* if67 could not get forwarded in lieu of a specific
/32 route in the forwarding table. this forwarding only route
gets inserted when a ARP response does arrive.
if ifl is a large subnet or there are high volume IP stream
going to that destination the resolver tries to self-protect himself
by trashing all traffic to not-yet-resolved IP destinations
on that subnet for 1s.
--
if you want to know where the traffic towards ifl 69 does enter the box
then yes, you need to setup traffic sampling.
/hannes
Jason J. W. Williams wrote:
> Hello,
>
> Is it possible to determine from the logs which IPs were triggering a
> firewall rule rate limiting ICMP to the firewall engine? Or must one
> set up a sampling action?
>
> Best Regards,
> Jason
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list