No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ARP Entry Limit

ARP Entry Limit

Background

If a device receives excessive Address Resolution Protocol (ARP) packets in a short period, the device's buffer will overflow, interrupting services of authorized users.

This problem can be solved by configuring an ARP entry limit on the device. After ARP entry limit is configured, the device limits the number of ARP entries that each interface can learn, preventing ARP entry overflow and improving ARP entry security.

Implementation

Figure 3-3 shows how ARP entry limit is implemented.
Figure 3-3 ARP entry limit

As shown in Figure 3-3, hosts communicate with the Internet through a provider edge (PE). If ARP entry limit is not enabled, the PE may receive a large number of ARP packets in a short period, causing an ARP entry overflow. As a result, authorized user traffic is interrupted.

Configure an ARP entry limit on the PE and set the maximum number of ARP entries that Interface 1 can learn to 100. After the PE learns the ARP entries of 100 hosts, it will not learn any more ARP entries.

Usage Scenario

ARP entry limit is deployed on access and aggregation devices.

Benefits

ARP entry limit prevents ARP entry overflows. Therefore, network security and reliability are improved.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 14128

Downloads: 34

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next