[j-nsp] Ratelimiting ARP-Requests

Guy Davies aguydavies at gmail.com
Thu Jun 28 06:05:12 EDT 2007


Hi Gunjan,

Won't that simply rate-limit *all* traffic traversing that interface
to 5m?  You'd need to identify arp traffic specifically, using a
firewall filter and apply that to the interface.

A shared, non-configurable policer is applied to all Ethernet
interfaces on which family inet is configured in a chassis.  You can
configure an ARP policer on a per interface basis.  This will override
the default policer.

Guy

On 28/06/07, Gunjan GANDHI (BR/EPA) <gunjan.gandhi at ericsson.com> wrote:
> Jens,
>  It is possible to do this on a per interface basis, not sure if you can
> do on a per node basis. Here is a sample syntax example.
>
> [edit]
> root at Testlab1# show interfaces ge-0/0/0
> vlan tagging;
>         unit 502 {
>         vlan-id 502;
>         family inet {
>          policer {
>              arp Block_ARP;
>          }
>          address 172.20.16.52/24;
>      }
> }
>
> [edit]
> root at Testlab1# show firewall
> policer Block_ARP {
>      if-exceeding {
>          bandwidth-limit 5m;
>          burst-size-limit 50k;
>      }
> }
>
> Cheers
> //Gunjan
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> jens.hoffmann at email.de
> Sent: Thursday, 28 June 2007 3:01 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Ratelimiting ARP-Requests
>
> Dear colleagues,
>
> I'm looking for an advice about the possibilities to ratelimit incomming
> ARP requests.
>
> What's the correct syntax for an effective filter rule to solve this
> problem ?
>
> Kind Regards
> Jens
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list