ALM-303046918 The ARP Packet Transmitting Rate Exceeded the Timestamp Suppression Rate Limit for ARP Packets
Description
ARP/4/ARP_SUPP_TRAP:OID [OID] Exceed the speed limit value configured. (Ifnet index=[INTEGER], Configured value=[COUNTER], Sampling value=[COUNTER], Speed-limit type=[OCTET],Source Ip address=[IPADDR], Destination Ip address=[IPADDR]).
The alarm was generated when the transmitting rate of ARP packets or ARP Miss messages was greater than the rate limit.
The alarm was cleared when the transmitting rate of ARP packets or ARP Miss messages was lower than the rate limit.
You can run the arp speed-limit command to set the rate limit. The default rate limit is 5 packets per second.
Attribute
|
Alarm ID |
Alarm Severity |
Alarm Type |
|---|---|---|
|
303046918 |
Warning |
processingErrorAlarm |
Parameters
|
Name |
Meaning |
|---|---|
|
OID |
Indicates the MIB object ID of the alarm. |
|
Ifnet index |
Indicates the interface index. |
|
Configured value |
Indicates the configured rate limit. |
|
Sampling value |
Indicates the sampling of the number of packets received within a period. |
|
Speed-limit type |
Indicates the type of packets configured with timestamp suppression, for example, ARP and ARP MISS. |
|
Source Ip address |
Indicates the source IP address. |
|
Destination Ip address |
Indicates the destination IP address. |
Impact on the System
If ARP packets are configured with timestamp suppression, some normal ARP packets are discarded. As a result, traffic cannot be forwarded normally.
If ARP Miss messages are configured with timestamp suppression, some ARP Miss messages are discarded. As a result, ARP Request messages cannot be triggered and thus traffic cannot be forwarded normally.
If this alarm is cleared soon, services will not be affected and the system will return to normal state.
If this alarm is not cleared for a long time, service processing capabilities of the system will be affected.
Possible Causes
- The interval for enabling the log function and sending alarms for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP packets was greater than the threshold. Within the first Ns, the average number of sent ARP packets was greater than the threshold.
- The interval for enabling the log function and sending alarms for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP Miss messages was greater than the threshold. Within the first Ns, the average number of sent ARP Miss messages was greater than the threshold.
Procedure
- View the type of packets configured with timestamp suppression in trap messages.
- If the type of packets is ARP, go to step 2.
- If the type of packets is ARP Miss, go to step 4.
- Run the display arp anti-attack configuration command to view the rate limit of ARP packets.
- Run the arp speed-limit source-ip [ ip-address ]maximum maximum command to re-set the rate limit of timestamp suppression of ARP packets. This value must be greater than that displayed in step 2; otherwise, the trap cannot be cleared, but this value must be less than 32768. Then, check whether the trap is cleared.
- If so, no further action is required.
- If not, go to step 6.
- Run the display arp anti-attack configuration command to view the rate limit of ARP Miss messages.
- Run the arp-miss speed-limit [ ip-address ]source-ip maximum maximum command to re-set the maximum rate of timestamp suppression of ARP Miss messages. This value must be greater than that displayed in step 4; otherwise, the trap cannot be cleared, but this value must be less than 32768. Then, check whether the trap is cleared.
- If so, no further action is required.
- If not, go to step 6.
- Contact technical support engineers.
Related Information
None
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
