Last I knew this was an architecture problem and was not yet addressed. I can't recommend Juniper right now for any platform that might get internet scanned and having a large connected subnet as a result.
- Jared

> On Apr 3, 2017, at 1:11 PM, Eduardo Schoedler <lis...@esds.com.br> wrote:
>
> Hi Clarke,
>
> Maybe arp policer problem?
> https://lists.gt.net/nsp/juniper/18201#18201
>
> Regards,
>
> 2017-04-03 14:07 GMT-03:00 Clarke Morledge <chm...@wm.edu>:
>> I would like to revisit a question that has come up several times on the
>> list:
>>
>> https://lists.gt.net/nsp/juniper/57670
>> https://lists.gt.net/nsp/juniper/60797
>>
>> I am trying to figure out a way to cut down on unnecessary ARP requests,
>> being generated by MX routers, when someone comes sweeping across my L3
>> space, and triggering these unnecessary ARP broadcasts, for unused
>> addresses.
>>
>> There is a possible solution of ARP sponging, but it would be really, really
>> nice if there was something on-board with JUNOS to handle this, instead of
>> rolling out a special purpose box:
>>
>> https://ams-ix.net/technical/specifications-descriptions/controlling-arp-traffic-on-ams-ix-platform
>>
>> Ideally, if JUNOS could do something like this:
>>
>> (a) Get a request from an incoming packet that would trigger an ARP request
>> to go out.
>>
>> (b) If the router does not get a response back after X number of tries in Y
>> number of seconds, put some type of dummy MAC address in the ARP cache that
>> can be easily sinkholed.
>>
>> (c) Stay in this state for Z number of seconds, before flushing that dummy
>> MAC address out of the cache, and then re-enabling ARP for that particular
>> address.
>>
>> (d) In addition, the router would passively listen for packets coming into
>> the L3 interface that would overwrite the dummy MAC address in the ARP cache
>> with a (hopefully) legitimate MAC address, which would allow the process to
>> exit out of the above state, without waiting for the above "Z" timer to
>> expire.
>>
>> Is there any way that JUNOS on an MX could be configured to do this?
>> Enhancement request anyone?
>>
>>
>> Clarke Morledge
>> College of William and Mary
>> Information Technology - Network Engineering
>> Jones Hall (Room 18)
>> Williamsburg VA 23187
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> --
> Eduardo Schoedler
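
The (a)-(d) behaviour requested in the quoted message, modelled as a small state machine. This is an added example, not part of the thread and not a JUNOS feature; the class and function names, the dummy MAC, and the reading of "X tries in Y seconds" as "X requests sent and Y seconds elapsed with no reply" are assumptions.

```python
from dataclasses import dataclass

SINK_MAC = "02:00:00:00:00:01"  # constructed dummy MAC (locally administered)

@dataclass
class Entry:
    state: str          # "probing", "sinkholed" or "resolved"
    first_try: float    # time of the first ARP request in this cycle
    tries: int = 0
    mac: str = ""
    sink_until: float = 0.0

class NegativeArpCache:
    def __init__(self, x_tries=3, y_seconds=3.0, z_seconds=600.0):
        self.x, self.y, self.z = x_tries, y_seconds, z_seconds
        self.table = {}
        self.arp_sent = 0   # broadcasts this model would have put on the wire

    def lookup(self, ip, now):
        """(a) A packet needs `ip` resolved. Returns a MAC, or None while probing."""
        e = self.table.get(ip)
        if e and e.state == "sinkholed" and now >= e.sink_until:
            e = None                                  # (c) Z expired: flush entry
        if e is None:
            e = self.table[ip] = Entry("probing", first_try=now)
        if e.state == "probing":
            if e.tries >= self.x and now - e.first_try >= self.y:
                # (b) X tries, Y seconds, no reply: install the dummy MAC
                e.state, e.mac, e.sink_until = "sinkholed", SINK_MAC, now + self.z
            elif e.tries < self.x:
                e.tries += 1
                self.arp_sent += 1                    # one ARP broadcast
        return e.mac or None

    def learn(self, ip, mac, now):
        """(d) ARP reply or passively seen frame from `ip`: overwrite any state."""
        self.table[ip] = Entry("resolved", first_try=now, mac=mac)

def arp_count_for_sweep(cache, ip, seconds):
    """Constructed scan: one packet per second to the same unused address."""
    for t in range(seconds):
        cache.lookup(ip, float(t))
    return cache.arp_sent
```

With X=3, Y=3 and Z=60, sixty seconds of probes to one unused address cost three broadcasts; the address is probed again only once Z has expired.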