No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Feature Description - Security 01

This is NE40E V800R010C10SPC500 Feature Description - Security
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
ARP Packet Rate Limit

ARP Packet Rate Limit

Background

If a device receives excessive Address Resolution Protocol (ARP) packets in a short period, the device becomes busy learning entries and replying to the ARP packets, which can interrupt the processing of other services.

You can solve this problem by configuring an ARP packet rate limit on the device. After ARP packet rate limit is configured, the device counts the number of received ARP packets received. If the number of ARP packets received in a specified period exceeds an upper limit, the device does not process the excess ARP packets.

Related Concepts

ARP packet rate limit can be implemented based on one of the following fields in a packet:
  • User addresses: If a user sends a large number of ARP packets in a short period, you can configure an ARP packet rate limit for this user's address, to prevent packets from this address from consuming excessive CPU resources.
    • Source media access control (MAC) addresses: This mode allows you to configure an ARP packet rate limit for a specific MAC address or all MAC addresses. If no source MAC address is specified, a configured ARP packet rate limit is effective for all source MAC addresses. If the number of ARP packets received per second exceeds the threshold, the device discards the excess ARP packets.
    • Source IP addresses: This mode allows you to configure an ARP packet rate limit for a specific IP address or all source IP addresses. If no source IP address is specified, a configured ARP packet rate limit is effective for all source IP addresses. If the number of ARP packets received per second exceeds the threshold, the device discards the excess ARP packets.
    • Destination IP addresses: This mode allows you to restrict the rate of packets to be sent to the CPU based on the destination IP address. If the rate at which ARP packets with the same destination IP address are received exceeds the threshold, the device discards the excess ARP packets.
  • Virtual local area network (VLAN) IDs: If a device in a VLAN receives a large number of ARP packets in a short period, you can configure an ARP packet rate limit for this VLAN, to prevent user packets in the VLAN from consuming excessive CPU resources.

Usage Scenario

ARP packet rate limit is deployed on access and aggregation devices.

Benefits

ARP packet rate limit helps prevent CPU exhaustion.

Translation
Download
Updated: 2019-01-03

Document ID: EDOC1100055047

Views: 12549

Downloads: 29

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next