[j-nsp] default_arp_policer

Felix Schueren felix.schueren at hosteurope.de
Tue Dec 21 12:34:48 EST 2010


On 21.12.10 17:20, ibariouen khalid wrote:
> Dear all
> 
> Can someone tell me what is the default value of "default_arp_policer" ?  is
> there any recommendation to reduce the values ;because i have an issue with
> an ARP storme and the router is impacted .
> 
the major problem with the default arp policer is that it is a shared
filter across all interfaces. That is, if you have an ARP storm on a
single interface, that can have an impact even on transit- or
core-facing interfaces. I can't remember how to view the default policer
values, IIRC it's about 5 Mbit or so. Do you see an increase in filtered
packets using
  show policer __default_arp_policer__
? If so, it may be helpful to place interface-specific arp policers on
at least core- and transit interfaces, but really it'd be best to apply
an arp ratelimit to every interface. That's fairly easy to implement
using a single policer and configuration groups. Having that in place,
you can also more easily identify the interface that's ARP storming.

Kind regards,

Felix

-- 
Felix Schüren
Head of Network

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*)
HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678
Geschäftsführer:
Uwe Braun - Alex Collins - Mark Joseph - Patrick Pulvermüller

(*) 0,14 EUR/Min. aus dem dt. Festnetz, Mobilfunkpreise ggf. abweichend


More information about the juniper-nsp mailing list