Arp Request Threshold Recommendations - Avaya 8800 Planning And Engineering

By default, CP-Limit protects the CPU from receiving more than 14 000 broadcast/multicast
control or exception packets per second within a duration that exceeds 2 seconds.
You can disable CP-Limit and instead, configure the amount of broadcast and/or multicast
control or exception frames per second that are allowed to reach the CPU before the
responsible interface is blocked and disabled. Based on your environment (severe
corresponds to a high-risk environment), the recommended values are shown in the following
figure.
Table 26: Recommended CP-Limit values
Severe:
Workstation (PC)
Server
NonIST Interconnection
Moderate:
Workstation (PC)
Server
NonIST Interconnection
Relaxed:
Workstation (PC)
Server
NonIST Interconnection

ARP request threshold recommendations

The Address Resolution Protocol (ARP) request threshold limits the ability of the Avaya
Ethernet Routing Switch 8800/8600 to source ARP requests for workstation IP addresses it
has not learned within its ARP table. The default setting for this function is 500 ARP requests
per second. To avoid excessive amounts of subnet scanning caused by a virus (like Welchia),
Avaya recommends that you change the ARP request threshold to a value between 100 to 50.
This helps to protect the CPU from causing excessive ARP requests, helps to protect the
network, and lessens the spread of the virus to other PCs. The following list gives further ARP
threshold recommendations:
• Default: 500
• Severe conditions: 50
• Continuous scanning conditions: 100
Planning and Engineering — Network Design
Broadcast
1000 1000
2500 2500
7500 6000
2500 2500
5000 5000
9000 9000
4000 4000
7000 7000
10 000 10 000
DoS protection mechanisms
Multicast
November 2010 251