At least it will not flood ARPs under segment network probes. In the past these punts were throttled in the PFE. This was done with default values of 66 pps per segment with an upper merit of 500 per PFE. You would have seen the following entry in the syslog: "NH: resolutions from iif 90 throttled".
I haven't seen these messages recently? - I do not know how NH rsvl punt policers are integrated with DDoS arp/resolve system.

Best Regards,
Krasi

On Thu, 31 Jan 2019 at 18:12, Saku Ytti <s...@ytti.fi> wrote:

> On Thu, 31 Jan 2019 at 16:22, Krasimir Avramski <kr...@smartcom.bg> wrote:
>
> > Yes, you can for ipv4/ipv6:
> > https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/arp-learning-neighor-discovery-disabling.html
> >
> > With the ability to set static ARP/ND you definitely could offload host
> > route programming to external system.
>
> Cool. Have you tried it? In my trivial test it does not disable punting:
>
> y...@r24.labxtx01.us.bb-re1# run show route forwarding-table table default destination 192.0.2.0/24
> Routing table: default.inet
> Internet:
> Destination Type RtRef Next hop Type Index NhRef Netif
> 192.0.2.0/24 intf 0 rslv 825 1 ae0.0
> 192.0.2.0/32 dest 0 192.0.2.0 recv 797 1 ae0.0
>
> {master}[edit interfaces ae0 unit 0 family inet]
> y...@r24.labxtx01.us.bb-re1# set no-neighbor-learn
>
> {master}[edit interfaces ae0 unit 0 family inet]
> y...@r24.labxtx01.us.bb-re1# commit
> re1:
> configuration check succeeds
> re0:
> commit complete
> re1:
> commit complete
>
> {master}[edit interfaces ae0 unit 0 family inet]
> y...@r24.labxtx01.us.bb-re1# run show route forwarding-table table default destination 192.0.2.0/24
> Routing table: default.inet
> Internet:
> Destination Type RtRef Next hop Type Index NhRef Netif
> 192.0.2.0/24 intf 0 rslv 825 1 ae0.0
> 192.0.2.0/32 dest 0 192.0.2.0 recv 797 1 ae0.0
>
>
> It did disable resolution though, but it's not really attractive to me
> without disabling punting.
>
> --
> ++ytti

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
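The before/after comparison made by hand in the quoted test can be scripted. The following is an added example, not code from either poster or from Juniper: it parses `show route forwarding-table` text and reports routes whose next-hop type is still `rslv` after a change, reading `rslv` as the resolve (punt) path the way the thread does. The function names are hypothetical and the sample is constructed from the rows quoted above.

```python
import re

# Constructed sample: the two rows quoted in the thread, which were identical
# before and after "set no-neighbor-learn" was committed.
SAMPLE = """\
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
192.0.2.0/24       intf     0                    rslv   825        1 ae0.0
192.0.2.0/32       dest     0 192.0.2.0          recv   797        1 ae0.0
"""

def parse_forwarding_table(text):
    """Parse forwarding-table rows that start with a prefix into dicts.

    The "Next hop" column may be empty, so fields are taken from both ends
    of each row instead of by fixed position.
    """
    rows = []
    for line in text.splitlines():
        line = re.sub(r"^\s*(>\s*)+", "", line)  # tolerate mail quoting
        tok = line.split()
        # Data rows look like "192.0.2.0/24 intf 0 [next hop] rslv 825 1 ae0.0".
        if len(tok) < 7 or "/" not in tok[0]:
            continue
        rows.append({
            "destination": tok[0],
            "route_type": tok[1],
            "next_hop": " ".join(tok[3:-4]) or None,
            "nh_type": tok[-4],
            "nh_index": int(tok[-3]),
            "netif": tok[-1],
        })
    return rows

def resolve_routes(text):
    """Return (destination, netif) for every route with an rslv next hop."""
    return [(r["destination"], r["netif"])
            for r in parse_forwarding_table(text) if r["nh_type"] == "rslv"]

def still_punting(before, after):
    """Routes that had an rslv next hop before a change and still have it after."""
    return sorted(set(resolve_routes(before)) & set(resolve_routes(after)))

if __name__ == "__main__":
    for dest, netif in still_punting(SAMPLE, SAMPLE):
        print(f"{dest} on {netif}: rslv next hop unchanged after the commit")
```

Feed it the output captured before and after a commit; an empty result means no prefix-form route kept a resolve next hop.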