On Thu, 31 Jan 2019 at 18:45, Krasimir Avramski <[email protected]> wrote:
> At least it will not flood ARPs under segment network probes.
>
> In the past these punts were throttled in the PFE. This was done with
> default values of 66 pps per segment with an upper merit of 500 per PFE.
> You would have seen the following entry in the syslog:
> "NH: resolutions from iif 90 throttled".

I don't think during punt that there is an IP network (FIB entry) specific punt limit for a transit packet needing resolution; that would be quite expensive. But certainly when DADDR is under resolution, it is no longer punted at all, but just dropped in HW.

> I haven't seen these messages recently? - I do not know how NH rsvl punt
> policers are integrated with DDoS arp/resolve system.

I don't know either if it's before or after ddos or if they are completely gone now that ddos is there. From my POV we don't need them anywhere as DDoS is a reasonable generic solution. I could check from the HW, but it's rather a chore to navigate.

-- 
++ytti

