[j-nsp] Negative ARP caching, on an MX router (again)

Eduardo Schoedler listas at esds.com.br
Mon Apr 3 13:11:27 EDT 2017


Hi Clarke,

Maybe an ARP policer problem?
https://lists.gt.net/nsp/juniper/18201#18201


Regards,


2017-04-03 14:07 GMT-03:00 Clarke Morledge <chmorl at wm.edu>:
> I would like to revisit a question that has come up several times on the
> list:
>
> https://lists.gt.net/nsp/juniper/57670
> https://lists.gt.net/nsp/juniper/60797
>
> I am trying to figure out a way to cut down on unnecessary ARP requests,
> being generated by MX routers, when someone comes sweeping across my L3
> space, and triggering these unnecessary ARP broadcasts, for unused
> addresses.
>
> There is a possible solution of ARP sponging, but it would be really, really
> nice if there was something on-board with JUNOS to handle this, instead of
> rolling out a special purpose box:
>
> https://ams-ix.net/technical/specifications-descriptions/controlling-arp-traffic-on-ams-ix-platform
>
> Ideally, if JUNOS could do something like this:
>
> (a) Get a request from an incoming packet that would trigger an ARP request
> to go out.
>
> (b) If the router does not get a response back after X number of tries in Y
> number of seconds, put some type of dummy MAC address in the ARP cache that
> can be easily sinkholed.
>
> (c) Stay in this state for Z number of seconds, before flushing that dummy
> MAC address out of the cache, and then re-enabling ARP for that particular
> address.
>
> (d) In addition, the router would passively listen for packets coming into
> the L3 interface that would overwrite the dummy MAC address in the ARP cache
> with a (hopefully) legitimate MAC address, which would allow the process to
> exit out of the above state, without waiting for the above "Z" timer to
> expire.
>
> Is there any way that JUNOS on an MX could be configured to do this?
> Enhancement request anyone?
>
>
> Clarke Morledge
> College of William and Mary
> Information Technology - Network Engineering
> Jones Hall (Room 18)
> Williamsburg VA 23187



-- 
Eduardo Schoedler
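
The (a) to (d) behaviour requested in the quoted message, modelled as a small Python state machine. This is an added example, not part of the original thread and not Junos code or configuration; the class and function names, the dummy MAC, the default X/Y/Z values, and the reading of (b) as "X requests sent and Y seconds elapsed with no reply" are assumptions.

```python
from dataclasses import dataclass

SINK_MAC = "02:00:00:00:00:01"  # constructed dummy MAC (locally administered), an assumption

@dataclass
class Entry:
    state: str              # "probing", "negative" or "resolved"
    mac: str = ""
    tries: int = 0
    first_try: float = 0.0
    expires: float = 0.0

class NegativeArpCache:
    def __init__(self, x_tries=3, y_seconds=5.0, z_seconds=60.0):
        self.x, self.y, self.z = x_tries, y_seconds, z_seconds
        self.table = {}
        self.arp_sent = 0   # ARP broadcasts that would hit the wire

    def packet_for(self, ip, now):
        """(a) A packet needs `ip` resolved; return the MAC to use, or None while unresolved."""
        e = self.table.get(ip)
        if e and e.state == "negative" and now >= e.expires:
            e = None                          # (c) Z expired: flush, ARP re-enabled
        if e is None:
            e = self.table[ip] = Entry("probing", first_try=now)
        if e.state != "probing":
            return e.mac                      # real MAC or sinkhole, no broadcast
        if e.tries < self.x:
            e.tries += 1
            self.arp_sent += 1                # one more ARP request goes out
        elif now - e.first_try >= self.y:
            # (b) X tries unanswered after Y seconds: install the dummy MAC
            e.state, e.mac, e.expires = "negative", SINK_MAC, now + self.z
            return e.mac
        return None

    def learn(self, ip, mac):
        """(d) An ARP reply or passively seen frame overwrites any state, including the dummy."""
        self.table[ip] = Entry("resolved", mac=mac)

def simulate_sweep():
    """Constructed input: a scanner hits one unused address once a second for 2 minutes."""
    cache = NegativeArpCache()
    for t in range(120):
        cache.packet_for("192.0.2.77", float(t))
    return cache.arp_sent
```

With these defaults the 120 probes to the unused address produce 6 ARP requests in the model: three per probing cycle, with one 60-second sinkhole period in between.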

