Help Center/ Huawei Qiankun CloudService/ More Documents/ Device Alarm Handling/ WAC&AP Alarms/ ALM-303046918 The ARP Packet Transmitting Rate Exceeded the Timestamp Suppression Rate Limit for ARP Packets
Updated on 2024-01-25 GMT+08:00

ALM-303046918 The ARP Packet Transmitting Rate Exceeded the Timestamp Suppression Rate Limit for ARP Packets

Description

ARP/4/ARP_SUPP_TRAP:OID [OID] Exceed the speed limit value configured. (Ifnet index=[INTEGER], Configured value=[COUNTER], Sampling value=[COUNTER], Speed-limit type=[OCTET],Source Ip address=[IPADDR], Destination Ip address=[IPADDR]).

The alarm was generated when the transmitting rate of ARP packets or ARP Miss messages was greater than the rate limit.

The alarm was cleared when the transmitting rate of ARP packets or ARP Miss messages was lower than the rate limit.

You can run the arp speed-limit command to set the rate limit. The default rate limit is 5 packets per second.

Attribute

Alarm ID

Alarm Severity

Alarm Type

303046918

Warning

processingErrorAlarm

Parameters

Name

Meaning

OID

Indicates the MIB object ID of the alarm.

Ifnet index

Indicates the interface index.

Configured value

Indicates the configured rate limit.

Sampling value

Indicates the sampling of the number of packets received within a period.

Speed-limit type

Indicates the type of packets configured with timestamp suppression, for example, ARP and ARP MISS.

Source Ip address

Indicates the source IP address.

Destination Ip address

Indicates the destination IP address.

Impact on the System

If ARP packets are configured with timestamp suppression, some normal ARP packets are discarded. As a result, traffic cannot be forwarded normally.

If ARP Miss messages are configured with timestamp suppression, some ARP Miss messages are discarded. As a result, ARP Request messages cannot be triggered and thus traffic cannot be forwarded normally.

If this alarm is cleared soon, services will not be affected and the system will return to normal state.

If this alarm is not cleared for a long time, service processing capabilities of the system will be affected.

Possible Causes

  • The interval for enabling the log function and sending alarms for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP packets was greater than the threshold. Within the first Ns, the average number of sent ARP packets was greater than the threshold.
  • The interval for enabling the log function and sending alarms for potential attack behaviors was set to Ns. Within the period of N+1s, the number of sent ARP Miss messages was greater than the threshold. Within the first Ns, the average number of sent ARP Miss messages was greater than the threshold.

Procedure

  1. View the type of packets configured with timestamp suppression in trap messages.

    • If the type of packets is ARP, go to step 2.
    • If the type of packets is ARP Miss, go to step 4.

  2. Run the display arp anti-attack configuration command to view the rate limit of ARP packets.
  3. Run the arp speed-limit source-ip [ ip-address ]maximum maximum command to re-set the rate limit of timestamp suppression of ARP packets. This value must be greater than that displayed in step 2; otherwise, the trap cannot be cleared, but this value must be less than 32768. Then, check whether the trap is cleared.

    • If so, no further action is required.
    • If not, go to step 6.

  4. Run the display arp anti-attack configuration command to view the rate limit of ARP Miss messages.
  5. Run the arp-miss speed-limit [ ip-address ]source-ip maximum maximum command to re-set the maximum rate of timestamp suppression of ARP Miss messages. This value must be greater than that displayed in step 4; otherwise, the trap cannot be cleared, but this value must be less than 32768. Then, check whether the trap is cleared.

    • If so, no further action is required.
    • If not, go to step 6.

  6. Contact technical support engineers.

Related Information

None