Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

supplementary-blackout-timer (Host Fast Reroute)

Syntax

Hierarchy Level

Description

Override the global supplementary blackout timer for the specified host fast-reroute (HFRR) profile.

When you configure HFRR, an optional ARP prefix limit sets a maximum for the number of ARP routes and, therefore FRR routes created for each HFRR profile in the routing table. This limit prevents ARP attacks from exhausting the virtual memory on the routing devices.

There are two configuration statements (global-arp-prefix-limit and arp-prefix-limit) that set the ARP prefix limit, one at the global [edit routing-options host-fast-reroute] hierarchy level and the other at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level, respectively. The global global-arp-prefix-limit statement sets a default ARP prefix limit for all HFRR profiles configured on the routing device. The arp-prefix-limit statement overrides the global-arp-prefix-limit for that HFRR profile for that protected interface.

Warning system log messages begin when the ARP routes in an HFRR profile reaches 80% of the configured limit. When the number crosses the 100% threshold, the HFRR profile is deactivated. When this happens, all ARP/FRR routes are deleted from the routing table. FRR routes are deleted from forwarding table as well.

After the HFRR profile is deactivated, a blackout timer is started. The timeout value of this timer is the ARP cache timeout (kernel timeout) + the supplementary blackout timer.

There are global and per-HFRR CLI statements (global-supplementary-blackout-timer and supplementary-blackout-timer) to configure the supplementary blackout timer. The global value is at the [edit routing-options host-fast-reroute] hierarchy level and applies to all HFRR profiles on the routing device. The value for the routing-instance interface is at the [edit routing-instances instance-name routing-options interface interface-name] hierarchy level, and overrides the global value for that HFRR profile only.

When the blackout timer expires, the HFRR profile is reactivated, and the Junos OS relearns the ARP routes and re-creates the HFRR routes. If the ARP prefix limit is not exceeded again, the HFRR routes will be up.

If an HFRR profile is in the deactivated state, a reevaluation of the ARP state is preformed during every commit operation or whenever the routing process (rpd) is restarted with the restart routing command.

Default

If you omit the-supplementary-blackout-timer statement, the global-supplementary-blackout-timer takes effect for all HFRR profiles on the device. If you omit both of these statements, the blackout timeout value is set to the ARP cache timeout value, which by default is 20 minutes and is configurable with the aging-timer statement at the [edit system arp] hierarchy level.

Options

minutes

Number of minutes, in addition to the ARP cache timeout value, before an HFRR profile is reactivated after the ARP prefix limit is exceeded.

  • Range: 1 through 15 minutes

Required Privilege Level

routing—To view this statement in the configuration.

routing-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.2.