Configuring ARP packet rate limit
About ARP packet rate limit
The ARP packet rate limit feature allows you to limit the rate of ARP packets delivered to the CPU. A device with ARP attack detection enabled sends every received ARP packet to the CPU for inspection, so processing an excessive number of ARP packets can make the device malfunction or even crash. To solve this problem, configure ARP packet rate limit. When the receiving rate of ARP packets on an interface exceeds the rate limit, the packets that exceed the limit are discarded.
You can enable sending notifications to the SNMP module or enable logging for ARP packet rate limit.
If notification sending is enabled, the device reports the highest ARP packet rate that crossed the threshold during the sending interval in a notification to the SNMP module. You must use the snmp-agent target-host command to set the notification type and target host. For more information about notifications, see Network Management and Monitoring Command Reference.
If logging for ARP packet rate limit is enabled, the device reports the highest ARP packet rate that crossed the threshold during the sending interval in a log message to the information center. You can configure the information center module to set the log output rules. For more information about the information center, see Network Management and Monitoring Configuration Guide.
Restrictions and guidelines
As a best practice, configure this feature when ARP attack detection, ARP snooping, ARP fast-reply, or MFF is enabled, or when ARP flood attacks are detected.
If excessive notifications and log messages are sent for ARP packet rate limit, you can increase the notification and log message sending interval.
If you enable notification sending and logging for ARP packet rate limit on a Layer 2 aggregate interface, the features apply to all aggregation member ports.
Procedure
Enter system view.
system-view
(Optional.) Enable SNMP notifications for ARP packet rate limit.
snmp-agent trap enable arp [ rate-limit ]
By default, SNMP notifications for ARP packet rate limit are disabled.
(Optional.) Enable logging for ARP packet rate limit.
arp rate-limit log enable
By default, logging for ARP packet rate limit is disabled.
(Optional.) Set the notification and log message sending interval.
arp rate-limit log interval interval
By default, the device sends notifications and log messages every 60 seconds.
Enter interface view.
interface interface-type interface-number
Supported interface types include Layer 2 Ethernet interface, Layer 3 Ethernet interface, Layer 3 aggregate interface, and Layer 2 aggregate interface.
Enable ARP packet rate limit.
arp rate-limit [ pps ]
By default, ARP packet rate limit is enabled.
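A complete session that applies the steps above in order, as an added example that is not part of the configuration guide. The 30-second interval, the 100 pps limit, the interface GigabitEthernet 1/0/1, the SNMP target host address, and the exact snmp-agent target-host syntax are assumptions, not values taken from this page.

```text
# Added example, not from the configuration guide. Interval, pps value,
# interface name, target host address and target-host syntax are assumed.
<Device> system-view
# Report threshold crossings to the SNMP module (off by default).
[Device] snmp-agent trap enable arp rate-limit
# Also record them in the information center (off by default).
[Device] arp rate-limit log enable
# One report per interval; raise this if the NMS or log sink is flooded.
[Device] arp rate-limit log interval 30
# Notifications need a target host (assumed address and syntax).
[Device] snmp-agent target-host trap address udp-domain 192.0.2.10 params securityname public v2c
# Apply the limit on the interface facing the untrusted segment (assumed name).
[Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] arp rate-limit 100
[Device-GigabitEthernet1/0/1] quit
```

With the rate limit alone, packets above the threshold are dropped with no record of the event, so enabling at least one of notification sending or logging is what makes an ARP flood against the interface observable.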