[j-nsp] ssb NH: resolutions from x throttled

juniper at iber-x.com juniper at iber-x.com
Mon May 17 11:25:48 EDT 2010 

Hi,

Our router M20 is divided in two logical routers, one is the physical 
and the other is the logical. And it is in the logical tunnel interface, 
lt-0/2/0, where the problem are. And it is only in that two interfaces 
where we've thought to apply the statement: 'proxy-arp'. What is it your 
opinion about the implementation in this scenario?

Do you have any other idea to solve this message in our Juniper's log 
without make a JUNO's upgrade? I would appreciate it because we are 
trying to solve it for a long time without success.

Thanks,


El 17/05/2010 11:16, Alex escribió:
> I am sure You realise "proxy-arp" is an ARP Response function:
>
> Warning: If you configure unrestricted proxy ARP, the proxy router 
> replies to ARP requests for the target IP address on the same 
> interface as the incoming ARP request.
> http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html 
>
>
> So if You have another JUNOS box sitting on the same PE-CE subnet with 
> M20, and M20 has traffic coming in from its core-facing interface and 
> addressed to unassigned IP addresses on said subnet, You can always 
> configure "proxy-arp" on that other JUNOS box in order to respond to 
> M20 and keep poor old M20 happy...
>
> Cheers
> Alex
>
> ----- Original Message ----- From: <juniper at iber-x.com>
> To: "Christoph Blecker" <admin at toph.ca>; <juniper-nsp at puck.nether.net>
> Sent: Monday, May 17, 2010 10:45 AM
> Subject: Re: [j-nsp] ssb NH: resolutions from x throttled
>
>
> Hello,
>
> Yes, we had read this upgrade recomendation but we are looking for an
> alternative solution. How I said, we read that there is a possibility to
> set a 'proxy-arp' option for a particular interface
> (http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html) 
>
> and maybe it exists a statement for the opposite because we think that
> perhaps it will solve the 'problem'.
>
> Set this statement is only one idea (probably it doesn't work) but, does
> anyone have another idea?
>
> Thanks for your help and time,
>
>
> El 17/05/2010 10:18, Christoph Blecker escribió:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hello,
>> The issue appears to be a bug in the JUNOS version you are running. A
>> quick Google search turned up the following:
>>
>> http://www.juniper.net/techpubs/software/junos/junos73/rn-sw-73/previous-releases.html 
>>
>>
>> "If a router receives rapid multicast traffic from various groups or
>> sources that do not have entries in the forwarding table, the router
>> might generate the ?router-name feb NH: resolutions from iif number
>> throttled? system log message and might delay the installation of
>> forwarding table entries for some of these multicast packets. [PR/46474:
>> This issue has been resolved.]"
>>
>> Solution would be to review your hardware and upgrade your JUNOS version
>> as applicable. ARP resolution is a normal and necessary funtion of the
>> router, and you would not want to disable it (I'm not even sure there
>> *is* a way to disable it withing JUNOS).
>>
>> Cheers,
>> - -Christoph
>>
>> On 10-05-17 01:43 AM, juniper at iber-x.com wrote:
>>
>>> Hi there,
>>>
>>> We have a Juniper M20 with JUNOS 7.3R1.4, old version :( .. and since
>>> few we have in our log these entries:
>>>
>>> May 10 23:49:48.177 2010  xxxxx ssb NH: resolutions from iif 73 
>>> throttled
>>> May 10 23:50:41.168 2010  xxxxx ssb NH: resolutions from iif 88 
>>> throttled
>>> ..
>>>
>>> Someone told us that maybe was a  port/ip scan on an Ethernet subnet 
>>> and
>>> this causes a flood of ARP requests.
>>> We found that there is a statement to set the 'proxy-arp' option:
>>>
>>> [edit]
>>> user at host# set interfaces interface-name unit logical-unit-number 
>>> proxy-arp
>>>
>>> But we can't find the opposite statement, I mean that the router 
>>> doesn't
>>> register any arp resolution in one interface.
>>>
>>> Also we read that it was a problem [PR/46474] solved since the version
>>> 7.3R3 but we have an older JUNOS version..
>>>
>>> Does anyone know how to solve this 'problem'?
>>>
>>> Thanks in advance,
>>>
>>>
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.10 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iEYEARECAAYFAkvxCdsACgkQg4DtNh1wGhrzaQCfbYbgJQAFUg5O/Gg/KTshJBoi
>> pz8AnAqD659S7c2PFCE+c2XlIo1yGWQb
>> =wANs
>> -----END PGP SIGNATURE-----
>>
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>

More information about the juniper-nsp mailing list