bit.gossip at chello.nl
Fri Oct 16 11:22:12 EDT 2009
In reply to (a little bit late :-):
I have done some testing with M7i and Junos 9.5R2 and simulated
ARP-FLOOD attack. No protection on the M7i.
Attack generates ~8500000 arp requests in 180 secs
which makes roughly 48000 arp-req/sec =~ 23mbps
The internal policer dropped almost all of them:
l at r4> show policer
and only ~40000 arp requests received a reply from M7i
which makes roughly ~222 arp-reply/sec
During the attack the CPU raised of ~14%.
My conclusion is that the setting for __default_arp_policer__
are perfectly fine and there is no need to apply a custom arp policer to
What is the opinion of the experts over there?
More information about the juniper-nsp