[j-nsp] punting base address packets to RE

Saku Ytti saku at ytti.fi
Tue Aug 25 05:45:26 EDT 2015


On (2015-08-24 18:38 +0000), Michael Hare wrote:

Hey,

> Sorry if this is remedial, but are packets sent to the base address of a directly connected subnet always punted to RE and if so, why?  Historic compatibility?  I couldn't determine any bucket under the ddos-protection protocol statistics such traffic ends up in, either.  I haven't seen any negative side effects of this, only noticing this after I followed up on a high pps drop rate for one of our routing engines.  This seems to happen regardless of what I have 'targeted-broadcast' configured with [absent, forward-only].

Terrific question, I don't know, I don't think there is any real reason why
those need to be punted.
It's probably something people have done in their IP implementation and it has
just carried over in fear of changing the behaviour might break something, and
almost certainly someone now relies on this behaviour for what ever strange
reasons.

Pretty sure you'll see them in ddos-protection in what ever protocol the
traffic is, ddos-protection would not care about your DADDR, because decision
to punt was done before ddos-protection got the frame.


> For what it's worth, the above is an MX104, but I also see this on other MX MPC hardware.

-- 
  ++ytti


More information about the juniper-nsp mailing list