Hi
Becuase of arp requests caused by loop from switch that connected to MX interface cause my bgp peers to flap
i have some questions:
1. the arp policer is part of ddos protection ?
2.is the arp policer limit to 150k ?
3.is this policer per MPC ? or FPC ?
i think the arp default policer came to maximum on this mpc and deny all the legitimate arp request from uplink interfaces (bgp neigbors)
I want to config geberic arp policer to all my inet interfaces
I have several interfaces with family inet, vpls, ccc
the configuration is:
set firewall policer ARP-Policer if-exceeding bandwidth-limit 8k
set firewall policer ARP-Policer if-exceeding burst-size-limit 1500
set firewall policer ARP-Policer then discard
set interfaces ge-1/1/8 flexible-vlan-tagging
set interfaces ge-1/1/8 encapsulation flexible-ethernet-services
set interfaces ge-1/1/8 unit 1050 encapsulation vlan-ccc
set interfaces ge-1/1/8 unit 1050 vlan-id 1050
set interfaces ge-1/1/8 unit 1051 vlan-id 1051
set interfaces ge-1/1/8 unit 1051 family inet address 172.20.20.1/24
set interfaces ge-1/1/8 unit 1052 encapsulation vlan-vpls
set interfaces ge-1/1/8 unit 1052 vlan-id 1052
set groups arp interfaces ge-1/1/8 unit <*> family inet policer arp ARP-Policer
set apply-groups arp
commit check
re1:
[edit interfaces ge-1/1/8 unit 1050]
'family'
Only the CCC family is allowed on CCC interfaces
the apply groups not working with other familys vpls,ccc only with inet
is there other way to accomplish this
Regards
Oren