global-arp-prefix-limit (Host Fast Reroute)
Syntax global-arp-prefix-limit number;
Hierarchy Level [edit logical-systems logical-system-name routing-options host-fast-reroute],
[edit routing-options host-fast-reroute]
Release Information Statement introduced in Junos OS Release 12.2.
Description Set the ARP prefix limit for all host fast-reroute (HFRR) profiles on the routing device.
When you configure HFRR, an optional ARP prefix limit sets a maximum for the number
of ARP routes and, therefore FRR routes created for each HFRR profile in the routing
table. This limit prevents ARP attacks from exhausting the virtual memory on the routing
devices.
There are two configuration statements (global-arp-prefix-limit and arp-prefix-limit) that
set the ARP prefix limit, one at the global [edit routing-options host-fast-reroute] hierarchy
level and the other at the [edit routing-instances instance-name routing-options interface
interface-name] hierarchy level, respectively. The global global-arp-prefix-limit statement
sets a default ARP prefix limit for all HFRR profiles configured on the routing device. The
arp-prefix-limit statement overrides the global-arp-prefix-limit for that HFRR profile for
that protected interface.
Warning system log messages begin when the ARP routes in an HFRR profile reaches
80% of the configured limit. When the number crosses the 100% threshold, the HFRR
profile is deactivated. When this happens, all ARP/FRR routes are deleted from the routing
table. FRR routes are deleted from forwarding table as well.
After the HFRR profile is deactivated, a blackout timer is started. The timeout value of
this timer is the ARP cache timeout (kernel timeout) + the supplementary blackout timer.
There are global and per-HFRR CLI statements (global-supplementary-blackout-timer
and supplementary-blackout-timer) to configure the supplementary blackout timer. The
global value is at the [edit routing-options host-fast-reroute] hierarchy level and applies
to all HFRR profiles on the routing device. The value for the routing-instance interface is
at the [edit routing-instances instance-name routing-options interface interface-name]
hierarchy level, and overrides the global value for that HFRR profile only.
When the blackout timer expires, the HFRR profile is reactivated, and the Junos OS
relearns the ARP routes and re-creates the HFRR routes. If the ARP prefix limit is not
exceeded again, the HFRR routes will be up.
If an HFRR profile is in the deactivated state, a reevaluation of the ARP state is preformed
during every commit operation or whenever the routing process (rpd) is restarted with
the restart routing command.
1537Copyright © 2017, Juniper Networks, Inc.
Chapter 41: Configuration Statements
To Next Page
Loading...
Need help?
General
