[j-nsp] Ratelimiting ARP-Requests
Guy Davies
aguydavies at gmail.com
Thu Jun 28 06:05:12 EDT 2007
Hi Gunjan,
Won't that simply rate-limit *all* traffic traversing that interface
to 5m? You'd need to identify arp traffic specifically, using a
firewall filter and apply that to the interface.
A shared, non-configurable policer is applied to all Ethernet
interfaces on which family inet is configured in a chassis. You can
configure an ARP policer on a per interface basis. This will override
the default policer.
Guy
On 28/06/07, Gunjan GANDHI (BR/EPA) <gunjan.gandhi at ericsson.com> wrote:
> Jens,
> It is possible to do this on a per interface basis, not sure if you can
> do on a per node basis. Here is a sample syntax example.
>
> [edit]
> root at Testlab1# show interfaces ge-0/0/0
> vlan tagging;
> unit 502 {
> vlan-id 502;
> family inet {
> policer {
> arp Block_ARP;
> }
> address 172.20.16.52/24;
> }
> }
>
> [edit]
> root at Testlab1# show firewall
> policer Block_ARP {
> if-exceeding {
> bandwidth-limit 5m;
> burst-size-limit 50k;
> }
> }
>
> Cheers
> //Gunjan
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> jens.hoffmann at email.de
> Sent: Thursday, 28 June 2007 3:01 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Ratelimiting ARP-Requests
>
> Dear colleagues,
>
> I'm looking for an advice about the possibilities to ratelimit incomming
> ARP requests.
>
> What's the correct syntax for an effective filter rule to solve this
> problem ?
>
> Kind Regards
> Jens
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list