By saying "probing" I mean someone is sending packets towards Your link's /30
including network (e.g. X.Y.Z.0) and broadcast (e.g. X.Y.Z.3) addresses. Hence
unnecessary resolution requests are being throttled.
I suggest You start using /31 or, if that's not possible, drop packets destined
to Your link's X.Y.Z.0 and X.Y.Z.3 inbound by means of a JUNOS firewall filter.
Rgds
Alex
  ----- Original Message ----- 
  From: juni...@iber-x.com 
  To: Alex 
  Cc: juniper-nsp@puck.nether.net 
  Sent: Monday, May 24, 2010 7:21 PM
  Subject: Re: [j-nsp] ssb NH: resolutions from x throttled


  Hi there,

  I apologize for the delay in my reply.

  We have made some tests from different Internet route servers and from there
  we are seeing our networks without any announcement problem.
  We have also checked if someone is announcing a part of our network with less
  than /24 but we didn't detect this problem.

  Is there another way to check if someone else from the Internet is probing our
  address block?

  Thanks,


  On 18/05/2010 20:21, Alex wrote:
    Hello there,
    I believe someone from the Internet could be probing Your address block
    including network and broadcast IP addresses on frame-relay link. Hence
    unnecessary "resolutions" are throttled and event logged.
    Is it possible to change the /30 to /31? Same for IPv6, I'd suggest to try
    /126.
    If not then I'd suggest to block traffic from the Internet to Your /30 with FW
    filter unless there is a legitimate reason for Internet users to access these
    IPs.
    Regards
    Alex
      ----- Original Message ----- 
      From: juni...@iber-x.com 
      To: Alex ; juniper-nsp@puck.nether.net 
      Sent: Tuesday, May 18, 2010 4:43 PM
      Subject: Re: [j-nsp] ssb NH: resolutions from x throttled


      Hi,

      Regarding your questions,

      1.- The encapsulation in these interfaces is frame-relay.

      2.- Addresses are public and we don't advertise this /30 link to the
      Internet, only the general range of IPs.

      3.- The same IPs are not on other interfaces.
      The configuration of this particular interface is:

      lt-0/2/0 {
          unit 101 {
              encapsulation frame-relay;
              dlci 100;
              peer-unit 100;
              family inet {
                  no-redirects;
                  address x/30;
              }
              family iso;
              family inet6 {
                  address y/124;
                  address z/64;
              }
              family mpls;
          }
      }

      Thanks for your time,



      On 17/05/2010 20:32, Alex wrote:
        Hello there,
        May I ask some questions please?
        1/ What is the encapsulation on this link?
        2/ What are the link IP addresses: public or private? If public do you
        advertise these link addresses to the Internet at large?
        3/ Do these addresses overlap with addresses somewhere else in Your
        network? Perhaps in VRF?
        Regards
        Alex

          ----- Original Message ----- 
          From: juni...@iber-x.com 
          To: Alex ; juniper-nsp@puck.nether.net 
          Sent: Monday, May 17, 2010 4:25 PM
          Subject: Re: [j-nsp] ssb NH: resolutions from x throttled


          Hi,

          Our M20 router is divided into two logical routers, one is the physical
          and the other is the logical. And it is in the logical tunnel interface,
          lt-0/2/0, where the problem is. And it is only on those two interfaces
          that we've thought to apply the statement: 'proxy-arp'. What is your
          opinion about the implementation in this scenario?

          Do you have any other idea to solve this message in our Juniper's log
          without doing a JUNOS upgrade? I would appreciate it because we have been
          trying to solve it for a long time without success.

          Thanks,


          On 17/05/2010 11:16, Alex wrote:
            I am sure You realise "proxy-arp" is an ARP Response function:

            Warning: If you configure unrestricted proxy ARP, the proxy router
            replies to ARP requests for the target IP address on the same
            interface as the incoming ARP request.

            http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html

            So if You have another JUNOS box sitting on the same PE-CE subnet
            with M20, and M20 has traffic coming in from its core-facing
            interface and addressed to unassigned IP addresses on said subnet,
            You can always configure "proxy-arp" on that other JUNOS box in
            order to respond to M20 and keep poor old M20 happy...

            Cheers 
            Alex 

            ----- Original Message ----- From: <juni...@iber-x.com>
            To: "Christoph Blecker" <ad...@toph.ca>; <juniper-nsp@puck.nether.net>
            Sent: Monday, May 17, 2010 10:45 AM 
            Subject: Re: [j-nsp] ssb NH: resolutions from x throttled 


            Hello, 

            Yes, we had read this upgrade recommendation but we are looking for
            an alternative solution. As I said, we read that there is a
            possibility to set a 'proxy-arp' option for a particular interface
            (http://www.juniper.net/techpubs/software/junos/junos90/swconfig-network-interfaces/configuring-unrestricted-proxy-arp.html)
            and maybe there is a statement for the opposite, because we think
            that perhaps it will solve the 'problem'.

            Setting this statement is only one idea (probably it doesn't work)
            but, does anyone have another idea?

            Thanks for your help and time, 


            On 17/05/2010 10:18, Christoph Blecker wrote:


              Hello, 
              The issue appears to be a bug in the JUNOS version you are
              running. A quick Google search turned up the following:

              http://www.juniper.net/techpubs/software/junos/junos73/rn-sw-73/previous-releases.html

              "If a router receives rapid multicast traffic from various groups
              or sources that do not have entries in the forwarding table, the
              router might generate the 'router-name feb NH: resolutions from
              iif number throttled' system log message and might delay the
              installation of forwarding table entries for some of these
              multicast packets. [PR/46474: This issue has been resolved.]"

              Solution would be to review your hardware and upgrade your JUNOS
              version as applicable. ARP resolution is a normal and necessary
              function of the router, and you would not want to disable it (I'm
              not even sure there *is* a way to disable it within JUNOS).

              Cheers,
              -Christoph

              On 10-05-17 01:43 AM, juni...@iber-x.com wrote: 


                Hi there, 

                We have a Juniper M20 with JUNOS 7.3R1.4, old version :( .. and
                recently we have been getting these entries in our log:

                May 10 23:49:48.177 2010  xxxxx ssb NH: resolutions from iif 73 throttled
                May 10 23:50:41.168 2010  xxxxx ssb NH: resolutions from iif 88 throttled
                ..

                Someone told us that maybe it was a port/IP scan on an Ethernet
                subnet and that this causes a flood of ARP requests.
                We found that there is a statement to set the 'proxy-arp'
                option:

                [edit]
                u...@host# set interfaces interface-name unit logical-unit-number proxy-arp

                But we can't find the opposite statement, I mean one so that the
                router doesn't register any ARP resolution on one interface.

                Also we read that it was a problem [PR/46474] solved since
                version 7.3R3 but we have an older JUNOS version..

                Does anyone know how to solve this 'problem'? 

                Thanks in advance, 



                _______________________________________________ 
                juniper-nsp mailing list juniper-nsp@puck.nether.net 
                https://puck.nether.net/mailman/listinfo/juniper-nsp 














_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
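
The firewall filter suggested at the top of this thread, sketched as an added example; it is not configuration posted by anyone on the list. X.Y.Z.0 and X.Y.Z.3 are the placeholders used in that message, and the filter, term, counter and interface names are hypothetical.

```junos
/* Added example. X.Y.Z.0 and X.Y.Z.3 stand for the network and broadcast
   addresses of the link /30; all names below are hypothetical. */
firewall {
    filter drop-link-net-bcast {
        term link-net-bcast {
            from {
                destination-address {
                    X.Y.Z.0/32;
                    X.Y.Z.3/32;
                }
            }
            then {
                /* The counter and log entries show whether these two
                   addresses are actually receiving traffic. */
                count link-net-bcast-hits;
                log;
                discard;
            }
        }
        /* Everything else, including traffic to the two usable link
           addresses, is forwarded as before. */
        term everything-else {
            then accept;
        }
    }
}
interfaces {
    /* Hypothetical Internet-facing interface. If an input filter is already
       applied there, add the term above to that filter instead. */
    so-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input drop-link-net-bcast;
                }
            }
        }
    }
}
```

`show firewall filter drop-link-net-bcast` displays the counter and `show firewall log` lists the logged packets with their source addresses, which is one way to check whether the link addresses are being probed.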
