[j-nsp] ssb NH: resolutions from x throttled

juniper at iber-x.com juniper at iber-x.com
Tue May 18 11:43:47 EDT 2010 

Hi,

Regardings your questions,

1.- The encapsulation in these interfaces is frame-relay.

2.- Addresses are public and we don't advertise this /30  link to the 
Internet only the general range of IP.

3.- There isn't the same IPs in other interfaces.
The configuration of this particular interface is:

lt-0/2/0 {
                 unit 101 {
                     encapsulation frame-relay;
                     dlci 100;
                     peer-unit 100;
                     family inet {
                         no-redirects;
                         address x/30;
                     }
                     family iso;
                     family inet6 {
                         y/124;
                         z/64;
                     }
                     family mpls;
                 }
}

Thanks for your time,



El 17/05/2010 20:32, Alex escribió:
> Hello there,
> May I ask some questions please?
> 1/ What is the encapsulation on this link?
> 2/ What are the link IP addresses: public or private? If public do you 
> advertise these link addresses to the Internet at large?
> 3/ Do these addresses overlap with addresses somewhere else in Your 
> network? Perhaps in VRF?
> Regards
> Alex
>
>     ----- Original Message -----
>     *From:* juniper at iber-x.com <mailto:juniper at iber-x.com>
>     *To:* Alex <mailto:alex.arseniev at gmail.com> ;
>     juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
>     *Sent:* Monday, May 17, 2010 4:25 PM
>     *Subject:* Re: [j-nsp] ssb NH: resolutions from x throttled
>
>     Hi,
>
>     Our router M20 is divided in two logical routers, one is the
>     physical and the other is the logical. And it is in the logical
>     tunnel interface, lt-0/2/0, where the problem are. And it is only
>     in that two interfaces where we've thought to apply the statement:
>     'proxy-arp'. What is it your opinion about the implementation in
>     this scenario?
>
>     Do you have any other idea to solve this message in our Juniper's
>     log without make a JUNO's upgrade? I would appreciate it because
>     we are trying to solve it for a long time without success.
>
>     Thanks,
>
>
>     El 17/05/2010 11:16, Alex escribió:
>>     I am sure You realise "proxy-arp" is an ARP Response function:
>>
>>     Warning: If you configure unrestricted proxy ARP, the proxy
>>     router replies to ARP requests for the target IP address on the
>>     same interface as the incoming ARP request.
>>     http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html
>>
>>
>>     So if You have another JUNOS box sitting on the same PE-CE subnet
>>     with M20, and M20 has traffic coming in from its core-facing
>>     interface and addressed to unassigned IP addresses on said
>>     subnet, You can always configure "proxy-arp" on that other JUNOS
>>     box in order to respond to M20 and keep poor old M20 happy...
>>
>>     Cheers
>>     Alex
>>
>>     ----- Original Message ----- From: <juniper at iber-x.com>
>>     To: "Christoph Blecker" <admin at toph.ca>;
>>     <juniper-nsp at puck.nether.net>
>>     Sent: Monday, May 17, 2010 10:45 AM
>>     Subject: Re: [j-nsp] ssb NH: resolutions from x throttled
>>
>>
>>     Hello,
>>
>>     Yes, we had read this upgrade recomendation but we are looking
>>     for an
>>     alternative solution. How I said, we read that there is a
>>     possibility to
>>     set a 'proxy-arp' option for a particular interface
>>     (http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html)
>>
>>     and maybe it exists a statement for the opposite because we think
>>     that
>>     perhaps it will solve the 'problem'.
>>
>>     Set this statement is only one idea (probably it doesn't work)
>>     but, does
>>     anyone have another idea?
>>
>>     Thanks for your help and time,
>>
>>
>>     El 17/05/2010 10:18, Christoph Blecker escribió:
>>>     -----BEGIN PGP SIGNED MESSAGE-----
>>>     Hash: SHA1
>>>
>>>     Hello,
>>>     The issue appears to be a bug in the JUNOS version you are
>>>     running. A
>>>     quick Google search turned up the following:
>>>
>>>     http://www.juniper.net/techpubs/software/junos/junos73/rn-sw-73/previous-releases.html
>>>
>>>
>>>     "If a router receives rapid multicast traffic from various
>>>     groups or
>>>     sources that do not have entries in the forwarding table, the
>>>     router
>>>     might generate the ?router-name feb NH: resolutions from iif number
>>>     throttled? system log message and might delay the installation of
>>>     forwarding table entries for some of these multicast packets.
>>>     [PR/46474:
>>>     This issue has been resolved.]"
>>>
>>>     Solution would be to review your hardware and upgrade your JUNOS
>>>     version
>>>     as applicable. ARP resolution is a normal and necessary funtion
>>>     of the
>>>     router, and you would not want to disable it (I'm not even sure
>>>     there
>>>     *is* a way to disable it withing JUNOS).
>>>
>>>     Cheers,
>>>     - -Christoph
>>>
>>>     On 10-05-17 01:43 AM, juniper at iber-x.com wrote:
>>>
>>>>     Hi there,
>>>>
>>>>     We have a Juniper M20 with JUNOS 7.3R1.4, old version :( .. and
>>>>     since
>>>>     few we have in our log these entries:
>>>>
>>>>     May 10 23:49:48.177 2010  xxxxx ssb NH: resolutions from iif 73
>>>>     throttled
>>>>     May 10 23:50:41.168 2010  xxxxx ssb NH: resolutions from iif 88
>>>>     throttled
>>>>     ..
>>>>
>>>>     Someone told us that maybe was a  port/ip scan on an Ethernet
>>>>     subnet and
>>>>     this causes a flood of ARP requests.
>>>>     We found that there is a statement to set the 'proxy-arp' option:
>>>>
>>>>     [edit]
>>>>     user at host# set interfaces interface-name unit
>>>>     logical-unit-number proxy-arp
>>>>
>>>>     But we can't find the opposite statement, I mean that the
>>>>     router doesn't
>>>>     register any arp resolution in one interface.
>>>>
>>>>     Also we read that it was a problem [PR/46474] solved since the
>>>>     version
>>>>     7.3R3 but we have an older JUNOS version..
>>>>
>>>>     Does anyone know how to solve this 'problem'?
>>>>
>>>>     Thanks in advance,
>>>>
>>>>
>>>>
>>>>     _______________________________________________
>>>>     juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>     https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>
>>>     -----BEGIN PGP SIGNATURE-----
>>>     Version: GnuPG v1.4.10 (GNU/Linux)
>>>     Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>>
>>>     iEYEARECAAYFAkvxCdsACgkQg4DtNh1wGhrzaQCfbYbgJQAFUg5O/Gg/KTshJBoi
>>>     pz8AnAqD659S7c2PFCE+c2XlIo1yGWQb
>>>     =wANs
>>>     -----END PGP SIGNATURE-----
>>>
>>>
>>
>>     _______________________________________________
>>     juniper-nsp mailing list juniper-nsp at puck.nether.net
>>     https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>

More information about the juniper-nsp mailing list