Switching

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

DDOS Protection messages

  • 1.  DDOS Protection messages

    Posted 05-14-2021 04:13
    Hi ,

    I would like to understand what the reason for the ARP: snoop error messages mean?

    May 14 03:21:42 ddosChangeEvent: asynchronous message
    May 14 03:21:42 Event report
    May 14 03:21:42 Looking for protocol: 3402, group id = 34, proto index = 2. Group size = 125
    May 14 03:21:42 Generate protocol change ERRMSG for ARP:arp-snoop from fpc 0
    May 14 03:21:42 INFO: Host-bound traffic for protocol/exceptionARP:arp-snoop has returned to normal. Its allowed bandwith was exceeded at fpc 0 for 275 times, from 2021-05-14 03:16:41 UTC to 2021-05-14 03:16:41 UTC

    specifically the line : Looking for protocol: 3402, group id = 34, proto index = 2. Group size = 125 

    as I am trying to understand the culprit causing the messages.

    thanks
    Stuart


    ------------------------------
    STUART DAY
    ------------------------------


  • 2.  RE: DDOS Protection messages

    Posted 07-01-2021 14:02
    That is how this protocol is defined at the FPC level. If you start a session towards the FPC, and you check the protocol 3402, you will find that definition is withing the `arp-snooping`

    It is really how it is seen in the HW.

    Regards,

    Elvin