Rate limiting arp packets – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

Configuring ARP parameters


is reset to zero each time the device receives an ARP reply or ARP request containing the IP
address and MAC address of the entry. If a dynamic entry reaches its maximum allowable age,
the entry times out and the software removes the entry from the table. Static entries do not
age out and can be removed only by you.

If the ARP cache does not contain an entry for the destination IP address, the device
broadcasts an ARP request out all its IP interfaces. The ARP request contains the IP address of
the destination. If the device with the IP address is directly attached to the device, the device
sends an ARP response containing its MAC address. The response is a unicast packet
addressed directly to the device. The device places the information from the ARP response into
the ARP cache.

ARP requests contain the IP address and MAC address of the sender, so all devices that
receive the request learn the MAC address and IP address of the sender and can update their
own ARP caches accordingly.

NOTE

The ARP request broadcast is a MAC broadcast, which means the broadcast goes only to devices
that are directly attached to the device. A MAC broadcast is not routed to other networks. However,
some routers, including the device, can be configured to reply to ARP requests from one network on
behalf of devices on another network. Refer to “Enabling proxy ARP” on page 193.

NOTE

If the router receives an ARP request packet that it is unable to deliver to the final destination
because of the ARP timeout and no ARP response is received (the device knows of no route to the
destination address), the router sends an ICMP Host Unreachable message to the source.

NOTE

For the MAC address that has an ARP entry but not a MAC entry, the default behavior is to delete the
ARP entry. However, to handle topologies that involve Microsoft Network Load Balancing (MSNLB)
servers, a new CLI command arp-l2-mac-match-flag set is introduced in the config mode. The
arp-l2-mac-match-flag set command enables sending of ARP-requests instead of deleting the ARP
entry for the MAC address that has an ARP entry but not the MAC entry. The command no
arp-l2-mac-match-flag set restores the default behavior.

Rate limiting ARP packets

You can limit the number of ARP packets the device accepts during each second. By default, the
software does not limit the number of ARP packets the device can receive. Since the device sends
ARP packets to the CPU for processing, if a device in a busy network receives a high number of ARP
packets in a short period of time, some CPU processing might be deferred while the CPU processes
the ARP packets.

To prevent the CPU from becoming flooded by ARP packets in a busy network, you can restrict the
number of ARP packets the device will accept each second. When you configure an ARP rate limit,
the device accepts up to the maximum number of packets you specify, but drops additional ARP
packets received during the one-second interval. When a new one-second interval starts, the
counter restarts at zero, so the device again accepts up to the maximum number of ARP packets
you specified, but drops additional packets received within the interval.
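
The per-second counter described above can be modeled as a fixed-window limiter. The following Python sketch is an added example, not code from the device or from this guide; it shows that when traffic straddles an interval boundary, up to twice the configured limit can reach the CPU within one second of elapsed time, which matters when choosing the limit. The class and function names, the whole-second alignment of intervals, and the arrival times are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class FixedWindowArpLimiter:
    """Model of the per-second ARP limit described above (not device firmware)."""
    limit: int        # maximum ARP packets accepted per one-second interval
    window: int = -1  # index of the current one-second interval
    count: int = 0    # packets accepted so far in that interval

    def accept(self, t_ms: int) -> bool:
        """Return True if an ARP packet arriving at t_ms (milliseconds) is accepted."""
        w = t_ms // 1000                # interval the packet falls into (assumed aligned)
        if w != self.window:            # new interval: counter restarts at zero
            self.window, self.count = w, 0
        if self.count < self.limit:
            self.count += 1
            return True
        return False                    # over the limit: dropped for the rest of the interval


def run(limit, arrivals_ms):
    """Feed sorted arrival times through the limiter; return the accepted times."""
    lim = FixedWindowArpLimiter(limit)
    return [t for t in arrivals_ms if lim.accept(t)]


def peak_in_sliding_second(times_ms):
    """Largest number of accepted packets inside any span shorter than 1000 ms."""
    best, lo = 0, 0
    for hi, t in enumerate(times_ms):
        while t - times_ms[lo] >= 1000:
            lo += 1
        best = max(best, hi - lo + 1)
    return best


# Constructed sample: 300 ARP packets spread evenly from t=500 ms to t=1496 ms,
# so the burst straddles the boundary between interval 0 and interval 1.
BURST = [500 + (i * 10) // 3 for i in range(300)]
ACCEPTED = run(100, BURST)

if __name__ == "__main__":
    print("accepted:", len(ACCEPTED), "dropped:", len(BURST) - len(ACCEPTED))
    print("peak accepted in any sliding second:", peak_in_sliding_second(ACCEPTED))
```

With a limit of 100, the constructed burst has 200 packets accepted inside a span of under one second, so the CPU should be able to absorb roughly twice the configured value over a short period.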

To limit the number of ARP packets the device will accept each second, enter a command such as
the following at the global CONFIG level of the CLI.
