I tweaked “nd ns-interval” and the problem hasn’t returned yet. I will try your recommendation if it comes back. Thank you.
Regards, Nick From: Jörg Kost <j...@ip-clear.de> Sent: Friday, March 15, 2019 4:53 PM To: n...@ramnode.com Cc: foundry-nsp@puck.nether.net Subject: Re: [f-nsp] MLX IPv6 NCE Hi Nick, does show ipv6 | include host drop cam (config)#ipv6 max-host-drop-cam 256 resolve this issue? Doc says: To limit the usage of CAM by IPV6 hosts with unresolved ND, enter the ipv6 max-host-drop-cam command. Jörg On 16 Feb 2019, at 20:42, n...@ramnode.com <mailto:n...@ramnode.com> wrote: Hello, We sometimes encounter neighbor cache exhaustion attacks on our network. A remote IP beings scanning large portions of our customer IPv6 ranges, the IPv6 neighbor table on our router (MLX/XMR) fills up with INCOMP status entries, and connectivity remains impacted until the neighbor table is manually cleared. What settings should we use to prevent the table from filling up with and maintaining so many INCOMP entries? Regards, Nick _______________________________________________ foundry-nsp mailing list foundry-nsp@puck.nether.net <mailto:foundry-nsp@puck.nether.net> <http://puck.nether.net/mailman/listinfo/foundry-nsp> http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________ foundry-nsp mailing list foundry-nsp@puck.nether.net http://puck.nether.net/mailman/listinfo/foundry-nsp
