ARP Entry Limit

Background

If a device receives excessive Address Resolution Protocol (ARP) packets in a short period, the device's buffer will overflow, interrupting services of authorized users.

This problem can be solved by configuring an ARP entry limit on the device. After an ARP entry limit is configured, the device limits the number of ARP entries that each interface can learn, preventing ARP entry overflow and improving ARP entry security.

Implementation

Figure 1 shows how ARP entry limit is implemented.
Figure 1 ARP entry limit

As shown in Figure 1, hosts communicate with the Internet through a provider edge (PE). If ARP entry limit is not enabled, the PE may receive a large number of ARP packets in a short period, causing an ARP entry overflow. As a result, authorized user traffic is interrupted.

Configure an ARP entry limit on the PE and set the maximum number of ARP entries that Interface 1 can learn to 100. After the PE learns the ARP entries of 100 hosts, it will not learn any more ARP entries.
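
The following Python model is an added example, not vendor code or device configuration. It reproduces the scenario above: the PE learns 100 hosts on Interface 1, then receives ARP packets from 5000 further senders, with and without the limit. The class and function names, the addresses, the second interface, and the rule that an already-learned entry can still be refreshed at the limit are assumptions made for illustration.

```python
from collections import defaultdict

class ArpTable:
    """Toy per-interface ARP cache with a learning limit (model, not vendor code)."""

    def __init__(self):
        self.limits = {}                   # interface -> maximum entries (absent = no limit)
        self.entries = defaultdict(dict)   # interface -> {ip: mac}
        self.rejected = defaultdict(int)   # interface -> refused learn attempts

    def set_limit(self, interface, maximum):
        self.limits[interface] = maximum

    def learn(self, interface, ip, mac):
        """Return True if the binding is stored, False if the limit refused it."""
        table = self.entries[interface]
        limit = self.limits.get(interface)
        # Assumption: refreshing an IP that is already present does not count as
        # learning a new entry, so it is accepted even at the limit.
        if ip not in table and limit is not None and len(table) >= limit:
            self.rejected[interface] += 1  # counter an operator could alert on
            return False
        table[ip] = mac
        return True

def simulate(limit):
    """Constructed traffic: 100 authorized hosts, then 5000 extra senders."""
    pe = ArpTable()
    if limit is not None:
        pe.set_limit("Interface1", limit)
    for i in range(100):                   # authorized hosts, learned first
        pe.learn("Interface1", "10.0.0.%d" % (i + 1), "00:aa:00:00:00:%02x" % i)
    for i in range(5000):                  # excess ARP senders (constructed)
        ip = "10.1.%d.%d" % (i // 250, i % 250 + 1)
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        pe.learn("Interface1", ip, mac)
    # The limit is per interface, so another interface still learns normally.
    pe.learn("Interface2", "10.2.0.1", "00:bb:00:00:00:01")
    return pe

if __name__ == "__main__":
    for limit in (None, 100):
        pe = simulate(limit)
        print("limit=%s entries=%d rejected=%d other_if=%d" % (
            limit, len(pe.entries["Interface1"]),
            pe.rejected["Interface1"], len(pe.entries["Interface2"])))
```

In this model the rejected counter is the signal worth monitoring: a sharp rise on one interface indicates that the limit is absorbing excess ARP learning there.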

Usage Scenario

ARP entry limit is deployed on access and aggregation devices.

Benefits

ARP entry limit prevents ARP entry overflows. Therefore, network security and reliability are improved.

Copyright © Huawei Technologies Co., Ltd.