Background
If a device receives excessive Address Resolution Protocol (ARP) messages within a short period, the device becomes busy learning entries and replying to the ARP messages, which consumes a great number of CPU usages and adversely affects the processing of other services.
After ARP message rate limiting is configured, the device counts the number of ARP messages received within a specified period (1 second). If the number of ARP messages received within a specified period exceeds a specified threshold, the device ignores the excess ARP messages.
Related Concepts
The device supports the following rate limit ranges:
- Board-based rate limiting: takes effect on an interface board or a main control board.
- Interface-based rate limiting: takes effect on interfaces.
In addition, both board-based and interface-based rate limiting take effect in either of the following modes:
- All IP addresses-based rate limiting: The rate of all ARP messages received is limited on boards, regardless of IP addresses.
- Source or destination IP address-based mode: If no IP address is specified, the rate of ARP messages from each source or destination IP address is limited separately, and the rate limits for ARP messages from each source or destination IP address are the same.
- Specific source or destination IP address-based mode: The rate of ARP messages from a specific source or destination IP address is limited. The rate limits of ARP messages from source or destination IP addresses can be different.
If both board-based rate limiting and interface-based rate limiting are configured, interface-based rate limiting takes precedence over board-based rate limiting.
If multiple rate limiting modes are configured for board- or interface-based rate limiting, rules for selecting a mode are as follows:
- The specific source or destination IP address-based mode takes precedence over the source or destination IP address-based mode. The limit rate value with a higher priority takes effect.
- The source or destination IP address-based mode has the same priority as all IP addresses-based rate limiting. If rates are limited in both modes, a smaller rate value takes effect.