[j-nsp] ARP resolution algorithm? Storage of MX transit packets?
Krasimir Avramski
krasi at smartcom.bg
Thu Jan 31 11:45:06 EST 2019
At least it will not flood ARPs under segment network probes.
In the past these punts were throttled in the PFE. This was done with
default values of 66 pps per segment with an upper merit of 500 per PFE.
You would have seen the following entry in the syslog: "NH: resolutions from
iif 90 throttled".
I haven't seen these messages recently? - I do not know how NH rsvl punt
policers are integrated with DDoS arp/resolve system.
Best Regards,
Krasi
On Thu, 31 Jan 2019 at 18:12, Saku Ytti <saku at ytti.fi> wrote:
> On Thu, 31 Jan 2019 at 16:22, Krasimir Avramski <krasi at smartcom.bg> wrote:
>
> > Yes, you can for ipv4/ipv6:
> >
> > https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/arp-learning-neighor-discovery-disabling.html
> >
> > With the ability to set static ARP/ND you definitely could offload host
> > route programming to external system.
>
> Cool. Have you tried it? In my trivial test it does not disable punting:
>
> ytti at r24.labxtx01.us.bb-re1# run show route forwarding-table table default destination 192.0.2.0/24
> Routing table: default.inet
> Internet:
> Destination Type RtRef Next hop Type Index NhRef Netif
> 192.0.2.0/24 intf 0 rslv 825 1 ae0.0
> 192.0.2.0/32 dest 0 192.0.2.0 recv 797 1 ae0.0
>
> {master}[edit interfaces ae0 unit 0 family inet]
> ytti at r24.labxtx01.us.bb-re1# set no-neighbor-learn
>
> {master}[edit interfaces ae0 unit 0 family inet]
> ytti at r24.labxtx01.us.bb-re1# commit
> re1:
> configuration check succeeds
> re0:
> commit complete
> re1:
> commit complete
>
> {master}[edit interfaces ae0 unit 0 family inet]
> ytti at r24.labxtx01.us.bb-re1# run show route forwarding-table table default destination 192.0.2.0/24
> Routing table: default.inet
> Internet:
> Destination Type RtRef Next hop Type Index NhRef Netif
> 192.0.2.0/24 intf 0 rslv 825 1 ae0.0
> 192.0.2.0/32 dest 0 192.0.2.0 recv 797 1 ae0.0
>
>
> It did disable resolution though, but it's not really attractive to me
> without disabling punting.
>
> --
> ++ytti
>