[j-nsp] ARP resolution algorithm? Storage of MX transit packets?

Saku Ytti saku at ytti.fi
Thu Jan 31 11:58:44 EST 2019


On Thu, 31 Jan 2019 at 18:45, Krasimir Avramski <krasi at smartcom.bg> wrote:

> At least it will not flood ARPs under segment network probes.
>
> In the past these punts were throttled in the PFE. This was done with default values of 66 pps per segment with an upper merit of 500 per PFE. You would have seen the following entry in the syslog: "NH: resolutions from iif 90 throttled".

I don't think during punt that there is an IP network (FIB entry)
specific punt limit for transit packets needing resolution, that would
be quite expensive. But certainly when DADDR is under resolution, it
is no longer punted at all, but just dropped in HW.

> I haven't seen these messages recently? - I do not know how NH rsvl punt policers are integrated with DDoS arp/resolve system.

I don't know either if it's before or after DDoS or if they are
completely gone now that DDoS is there. From my POV we don't need them
anywhere as DDoS is a reasonable generic solution. I could check from
the HW, but it's rather a chore to navigate.

-- 
  ++ytti

