Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

global-arp-prefix-limit (Host Fast Reroute)

Syntax

Hierarchy Level

Description

Set the ARP prefix limit for all host fast-reroute (HFRR) profiles on the routing device.

When you configure HFRR, an optional ARP prefix limit sets a maximum for the number of ARP routes and, therefore FRR routes created for each HFRR profile in the routing table. This limit prevents ARP attacks from exhausting the virtual memory on the routing devices.

There are two configuration statements (global-arp-prefix-limit and arp-prefix-limit) that set the ARP prefix limit, one at the global [edit routing-options host-fast-reroute] hierarchy level and the other at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level, respectively. The global global-arp-prefix-limit statement sets a default ARP prefix limit for all HFRR profiles configured on the routing device. The arp-prefix-limit statement overrides the global-arp-prefix-limit for that HFRR profile for that protected interface.

Warning system log messages begin when the ARP routes in an HFRR profile reaches 80% of the configured limit. When the number crosses the 100% threshold, the HFRR profile is deactivated. When this happens, all ARP/FRR routes are deleted from the routing table. FRR routes are deleted from forwarding table as well.

After the HFRR profile is deactivated, a blackout timer is started. The timeout value of this timer is the ARP cache timeout (kernel timeout) + the supplementary blackout timer.

There are global and per-HFRR CLI statements (global-supplementary-blackout-timer and supplementary-blackout-timer) to configure the supplementary blackout timer. The global value is at the [edit routing-options host-fast-reroute] hierarchy level and applies to all HFRR profiles on the routing device. The value for the routing-instance interface is at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level, and overrides the global value for that HFRR profile only.

When the blackout timer expires, the HFRR profile is reactivated, and the Junos OS relearns the ARP routes and re-creates the HFRR routes. If the ARP prefix limit is not exceeded again, the HFRR routes will be up.

If an HFRR profile is in the deactivated state, a reevaluation of the ARP state is preformed during every commit operation or whenever the routing process (rpd) is restarted with the restart routing command.

Default

If you omit the-arp-prefix-limit statement, the global-arp-prefix-limit takes effect for all HFRR profiles on the device. If you omit both of these statements, there is no ARP prefix limit for host fast reroute.

Options

number

Maximum number of ARP HFRR routes allowed.

  • Range: 1 through 10,000 HFRR routes

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.2.