This is a conscious design decision / best practice used in routers for decades. We’re not going to change this behavior.
Imagine what happens when a DDoS attack sends one packet to each of a large number of nonexistent hosts behind a certain router: all of its packet buffers end up on a reinject queue waiting for ARP replies. Even with ARP throttling [which vpp also uses] and with aggressive drop timers, it’s a bad idea. D. From: [email protected] <[email protected]> On Behalf Of Andreas Schultz Sent: Friday, December 14, 2018 5:04 AM To: [email protected] Subject: [vpp-dev] first packet to yet unknown IP is lost Hi, There seems to some problem with ARP resolution and IP forwarding. The first packet destined to an yet unknown IP is dropped. It does triggers a ARP request, but the packet should be held in some kind of queue till then ARP response arrives and the be forwarded. Clearly this does not happen (at least with AF-Packet interfaces). The simplest way to observe this to start a new VPP instance and try to ping its interfaces. The first ICMP request will not be answered. Regards Andreas -- -- Dipl.-Inform. Andreas Schultz ----------------------- enabling your networks ---------------------- Travelping GmbH Phone: +49-391-81 90 99 0 Roentgenstr. 13 Fax: +49-391-81 90 99 299 39108 Magdeburg Email: [email protected]<mailto:[email protected]> GERMANY Web: http://www.travelping.com Company Registration: Amtsgericht Stendal Reg No.: HRB 10578 Geschaeftsfuehrer: Holger Winkelmann VAT ID No.: DE236673780 ---------------------------------------------------------------------
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11603): https://lists.fd.io/g/vpp-dev/message/11603 Mute This Topic: https://lists.fd.io/mt/28751128/21656 Group Owner: [email protected] Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
