Configuring ARP Source Suppression; Configuring ARP Blackhole Routing - HP 5920 Series Configuration Manual


• ARP source suppression: Stops resolving packets from a host if the upper limit on unresolvable IP packets from the host is reached within an interval of 5 seconds. The device continues ARP resolution when the interval elapses. This feature is applicable if the attack packets have the same source addresses.

• ARP blackhole routing: Creates a blackhole route destined for an unresolved IP address. The device drops all matching packets until the blackhole route is deleted. A blackhole route is deleted when its aging timer (25 seconds) is reached or the route becomes reachable.

  After a blackhole route is created for an unresolved IP address, the device immediately starts the first ARP blackhole route probe by sending an ARP request. If the resolution fails, the device continues probing according to the probe settings. If the IP address resolution succeeds in a probe, the device converts the blackhole route to a normal route. If an ARP blackhole route ages out before the device finishes all probes, the device deletes the blackhole route and does not perform the remaining probes.

  This feature is applicable regardless of whether the attack packets have the same source addresses.

Configuring ARP source suppression

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP source suppression. | arp source-suppression enable | By default, ARP source suppression is disabled. |
| 3. Set the maximum number of unresolvable packets that the device can receive from a host within 5 seconds. | arp source-suppression limit limit-value | By default, the maximum number is 10. |

Configuring ARP blackhole routing

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP blackhole routing. | arp resolving-route enable | By default, ARP blackhole routing is enabled. |
| 3. (Optional.) Set the interval at which the device probes ARP blackhole routes. | arp resolving-route probe-interval interval | The default setting is 1 second. This command is available in Release 2311P04 and later versions. |
| 4. (Optional.) Specify the number of ARP blackhole route probes. | arp resolving-route probe-count count | The default setting is one probe. This command is available in Release 2311P04 and later versions. |
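
A small Python model of the blackhole route lifecycle described above, added here as an illustration (it is not code from HP or from the manual). It shows how the probe interval and probe count interact with the 25-second aging timer; the function name, the result type and the timing assumptions listed in the docstring are hypothetical.

```python
from typing import NamedTuple, Optional

AGING_TIMER_S = 25  # blackhole route aging timer stated in the manual


class RouteResult(NamedTuple):
    probes_sent: list    # times (s after route creation) at which ARP requests went out
    probes_skipped: int  # configured probes never performed because the route aged out
    outcome: str         # "normal route" or "deleted (aged out)"
    drop_seconds: int    # how long matching packets were dropped


def blackhole_route(probe_interval: int, probe_count: int,
                    host_up_at: Optional[int] = None) -> RouteResult:
    """Model one blackhole route created at t=0 for an unresolved IP address.

    Assumptions of this model (not stated in the manual): the immediate first
    probe counts toward probe_count, later probes follow at exact multiples of
    probe_interval, and a probe succeeds if the target answers ARP from
    host_up_at onward (None = never answers, e.g. a scanned unused address).
    """
    if probe_interval < 1 or probe_count < 1:
        raise ValueError("probe_interval and probe_count must be >= 1")
    sent = []
    for n in range(probe_count):
        t = n * probe_interval
        if t >= AGING_TIMER_S:  # route aged out: remaining probes are not performed
            break
        sent.append(t)
        if host_up_at is not None and t >= host_up_at:
            # resolution succeeded: the blackhole route becomes a normal route
            return RouteResult(sent, 0, "normal route", t)
    return RouteResult(sent, probe_count - len(sent),
                       "deleted (aged out)", AGING_TIMER_S)


if __name__ == "__main__":
    # Constructed scenarios: (probe-interval, probe-count, second the host starts answering)
    for interval, count, up in [(1, 1, 2), (3, 5, 2), (5, 10, None)]:
        print(f"interval={interval} count={count} host_up_at={up} ->",
              blackhole_route(interval, count, up))
```

Under these assumptions, the default single probe leaves traffic to a host that comes up 2 seconds late dropped for the full 25 seconds, while five probes at 3-second intervals restore it after 3 seconds.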


This manual is also suitable for:

5900 series
