[j-nsp] Ratelimiting ARP-Requests

Gunjan GANDHI (BR/EPA) gunjan.gandhi at ericsson.com
Thu Jun 28 04:54:31 EDT 2007


Jens,
 It is possible to do this on a per interface basis, not sure if you can
do on a per node basis. Here is a sample syntax example.

[edit]
root at Testlab1# show interfaces ge-0/0/0
vlan tagging;
	unit 502 {
	vlan-id 502;     
	family inet {
         policer {
             arp Block_ARP;
         }
         address 172.20.16.52/24;
     }
}

[edit]
root at Testlab1# show firewall
policer Block_ARP {
     if-exceeding {
         bandwidth-limit 5m;
         burst-size-limit 50k;
     }
} 

Cheers
//Gunjan


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
jens.hoffmann at email.de
Sent: Thursday, 28 June 2007 3:01 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Ratelimiting ARP-Requests

Dear colleagues,
 
I'm looking for an advice about the possibilities to ratelimit incomming
ARP requests.
 
What's the correct syntax for an effective filter rule to solve this
problem ?
 
Kind Regards
Jens
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list