[j-nsp] Rate limit ARP per interface (or JUNOS bug)?
Terry Baranski
tbaranski at mail.com
Fri May 15 17:29:37 EDT 2009
On Fri, 15 May 2009, Chris Adams wrote:
>
> On the router in question:
>
> Name Packets
> __default_arp_policer__ 4189504
>
> So, apparently it was policing, but the default rate is still too
> high for the router to handle (seems to kind of defeat the purpose
> of having a default policer).
But you said the router's CPU was fine, which means the policer did its job.
The policer can't differentiate between looped (bad) ARP packets and good
ARP packets, so it is to be expected that some legitimate ARPs ended up
getting dropped.
As others have said, you can manually apply your own ARP policer to
individual physical/logical interfaces so that a loop on one interface
doesn't break ARP on another.
-Terry
More information about the juniper-nsp
mailing list