Tim, > > Anyone encountered anything like this before? Any ways to mitigate? >
I feel your pain. The EXes have a very, very, very weak link between routing & forwarding engine (hardcoded to a limit of 1,000 pps). I don't know if they've finally gotten around to it, but as of a year or so ago they did not even have priority queues for that, so IS-IS/BGP/OSPF sessions were dropped due to ARPs between end user stations etc. Your best bet is likely to impose a very very hard broadcast storm control setting to your customers using set ethernet-switching-options storm-control interface <x> bandwidth 500k (experiment during next flood ;)) Or set the broadcast limit even lower (I think 100k is the lowest possible) and add no-unknown-unicast under storm-control, as the regular ethernet flooding should not be a problem for the EXes. The biggest problem is with "router alert" style traffic (i.e., most broadcasts or all-nodes multicast etc), if that gets looped the EX will soon start dropping control protocol traffic, losing BFD/LACP/IS-IS adjacencies etc. Kind regard, Felix -- Felix Schüren Head of Network ----------------------------------------------------------------------- Host Europe GmbH - http://www.hosteurope.de Welserstraße 14 - 51149 Köln - Germany Telefon: 0800 467 8387 - Fax: +49 180 5 66 3233 (*) HRB 28495 Amtsgericht Köln - USt-IdNr.: DE187370678 Geschäftsführer: Patrick Pulvermüller, Thomas Vollrath (*) 0,14 EUR/Min. aus dem dt. Festnetz; maximal 0,42 EUR/Min. aus den dt. Mobilfunknetzen _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
