[j-nsp] Rate limit ARP per interface (or JUNOS bug)?

Terry Baranski tbaranski at mail.com
Fri May 15 17:29:37 EDT 2009


On Fri, 15 May 2009, Chris Adams wrote:
> 
> On the router in question:
> 
> Name                                              Packets
> __default_arp_policer__                           4189504
> 
> So, apparently it was policing, but the default rate is still too 
> high for the router to handle (seems to kind of defeat the purpose
> of having a default policer).

But you said the router's CPU was fine, which means the policer did its job.
The policer can't differentiate between looped (bad) ARP packets and good
ARP packets, so it is to be expected that some legitimate ARPs ended up
getting dropped.

As others have said, you can manually apply your own ARP policer to
individual physical/logical interfaces so that a loop on one interface
doesn't break ARP on another.

-Terry



More information about the juniper-nsp mailing list