Configuring Unresolvable IP Attack Protection; Configuring ARP Source Suppression; Enabling ARP Blackhole Routing; Displaying and Maintaining Unresolvable IP Attack Protection - HP MSR Series Configuration Manual

HPE FlexNetwork MSR Router Series

Configuring unresolvable IP attack protection

If a device receives a large number of unresolvable IP packets from a host, the following situations can occur:

• The device sends a large number of ARP requests, overloading the target subnets.
• The device keeps trying to resolve the destination IP addresses, overloading its CPU.

To protect the device from such IP attacks, you can configure the following features:

• ARP source suppression—Stops resolving packets from a host if the number of unresolvable IP packets from the host exceeds the upper limit within 5 seconds. The device continues ARP resolution when the interval elapses. This feature is applicable if the attack packets have the same source addresses.
• ARP blackhole routing—Creates a blackhole route destined for an unresolvable IP address. The device drops all matching packets until the blackhole route ages out. This feature is applicable regardless of whether the attack packets have the same source addresses.
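
The difference between the two features, as an added example that is not part of the HPE manual: a Python model that counts the ARP resolution attempts a device would make for constructed traffic under each feature. The fixed 5-second counting windows, the `route_age` value, and the names `arp_attempts` and `make_traffic` are assumptions of this model, not device behavior documented on this page.

```python
from collections import defaultdict

WINDOW = 5.0  # seconds; the counting interval given in the manual

def arp_attempts(events, limit=None, blackhole=False, route_age=25.0):
    """Count ARP resolution attempts for unresolvable packets.

    events: iterable of (time_s, src_ip, dst_ip), every dst_ip unresolvable.
    limit: source-suppression threshold per WINDOW, or None if disabled.
    route_age: blackhole route lifetime in seconds (assumed value; the
    page does not state the aging time).
    """
    per_source = defaultdict(int)   # (src, window index) -> packets seen
    blackholes = {}                 # dst -> time the route ages out
    attempts = 0
    for t, src, dst in sorted(events):
        if blackhole and blackholes.get(dst, 0.0) > t:
            continue                # dropped by the blackhole route
        if limit is not None:
            key = (src, int(t // WINDOW))
            per_source[key] += 1
            if per_source[key] > limit:
                continue            # source suppressed until the window ends
        attempts += 1
        if blackhole:
            blackholes[dst] = t + route_age
    return attempts

def make_traffic(n, spoofed, pps=50, targets=4):
    """Constructed sample: n packets at pps to `targets` unresolvable IPs."""
    return [(i / pps,
             f"198.51.100.{i % 250 + 1}" if spoofed else "198.51.100.7",
             f"192.0.2.{i % targets + 1}")
            for i in range(n)]

if __name__ == "__main__":
    for name, spoofed in (("one source", False), ("varied sources", True)):
        pkts = make_traffic(200, spoofed)
        print(name,
              "| no protection:", arp_attempts(pkts),
              "| suppression(limit=10):", arp_attempts(pkts, limit=10),
              "| blackhole:", arp_attempts(pkts, blackhole=True))
```

With the constructed traffic, source suppression caps attempts only when the packets share one source address, while the blackhole route caps them per destination in both cases.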

Configuring ARP source suppression

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP source suppression. | arp source-suppression enable | By default, ARP source suppression is disabled. |
| 3. Set the maximum number of unresolvable packets that the device can receive from a host within 5 seconds. | arp source-suppression limit limit-value | By default, the maximum number is 10. |

Enabling ARP blackhole routing

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP blackhole routing. | arp resolving-route enable | By default, ARP blackhole routing is enabled. |

Displaying and maintaining unresolvable IP attack protection

Execute display commands in any view.

| Task | Command |
|---|---|
| Display ARP source suppression configuration information. | display arp source-suppression |
