Using the display arp-miss speed-limit source-ip command, you can view the rate of source-address-based timestamp suppression for Address Resolution Protocol (ARP) Miss messages.
Usage Scenario
Attackers may use specific tools to scan hosts on one network segment or hosts on different network segments. Before a router responds with reply packets, it searches for the matching ARP entries. If no ARP entry holds the MAC address for a destination IP address, the ARP module of the router sends an ARP Miss message to the upper-layer software, requiring the upper-layer software to send an ARP Request message to obtain the corresponding MAC address. A large number of scanning packets therefore generates a large number of ARP Miss messages. The router then wastes resources processing the ARP Miss messages, which affects the processing of other services.
The output of the display arp-miss speed-limit source-ip command includes:
Prerequisites
For the command to take effect, the timestamp suppression rate for ARP Miss messages should already have been set by using the arp-miss speed-limit command.
The actual command output varies according to the device. The command output here is only an example.
<HUAWEI> display arp-miss speed-limit source-ip
Slot SuppressType SuppressValue
---------------------------------------------------
0 ARP-miss 500
Item | Description |
---|---|
Slot | Slot number of the board. |
SuppressType | Type of timestamp suppression. |
SuppressValue | Rate of source-address-based timestamp suppression. |
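
The following is an added example, not Huawei code and not part of the original page: a simplified model of the source-address-based suppression described in the Usage Scenario. It assumes SuppressValue is a ceiling on the ARP Miss messages accepted per source IP in each one-second window; the function names, addresses and traffic are constructed for illustration.

```python
from collections import defaultdict

def suppress_arp_miss(packets, arp_table, limit):
    """Simplified model of per-source ARP Miss suppression (not vendor code).

    packets   -- iterable of (time_in_seconds, src_ip, dst_ip), ordered by time
    arp_table -- set of destination IPs that already have an ARP entry
    limit     -- assumed meaning of SuppressValue: ARP Miss messages accepted
                 per source IP in each one-second window
    Returns {src_ip: {"passed": n, "suppressed": m}} for sources causing misses.
    """
    window = {}  # src_ip -> (second the window started, misses seen in it)
    stats = defaultdict(lambda: {"passed": 0, "suppressed": 0})
    for ts, src, dst in packets:
        if dst in arp_table:
            continue  # ARP entry found: no ARP Miss message is generated
        second = int(ts)
        start, count = window.get(src, (second, 0))
        if second != start:
            start, count = second, 0  # new window, counter starts over
        if count < limit:
            stats[src]["passed"] += 1  # reaches the upper-layer software
        else:
            stats[src]["suppressed"] += 1  # over the per-source limit
        window[src] = (start, count + 1)
    return dict(stats)

def demo(limit=500):
    """Run the model on constructed traffic; 500 is the sample SuppressValue."""
    arp_table = {"10.0.0.10"}
    scanner, host = "192.0.2.66", "10.0.0.5"  # constructed addresses
    # Scanner: 2000 unresolved destinations in second 0, 100 more in second 1.
    sweep = [(i / 2000, scanner, f"10.1.{i // 250}.{i % 250 + 1}") for i in range(2000)]
    sweep += [(1 + i / 100, scanner, f"10.2.0.{i + 1}") for i in range(100)]
    # Ordinary host: one resolved destination and three unresolved ones.
    normal = [(0.1, host, "10.0.0.10"), (0.2, host, "10.0.0.20"),
              (0.5, host, "10.0.0.21"), (1.3, host, "10.0.0.22")]
    return suppress_arp_miss(sorted(sweep + normal), arp_table, limit)

if __name__ == "__main__":
    for src, counts in demo().items():
        print(src, counts)
```

Because the counter is kept per source address, the ordinary host's three ARP Miss messages all pass while the scanning source is capped at the limit in each window.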