Hello,
Some time ago we changed from CISCO to JUNIPER MX204. Many top people recommend this solution, so why not.
And the config is almost similar to vyatta - so it can't be wrong. :)
Setup is simple - two physical routers (mx204) connected and between them each vlan in VRRP and one floating IP, which is a gateway for devices in a given vlan.
Migration was almost painless, the only thing we are facing now is a huge amount of ARP requests in the network causing lag at the ends and other strange situations.
Which we have not experienced at CISCO.
From one medium used vlan in which there are 3 classes /22 and one /20 = ~7100 IPs - not all of them are active 24 hours a day
We had 250 kBps and 3800 pps of ARP-only traffic during business hours from 9AM to 10AM (one-hour sample only).
Default arp policer throws numbers like crazy:

    admin@r1> show policer | match arp | refresh 5
    __default_arp_policer__ 398845035318 8670941793
    __default_arp_policer__ 398845116376 8670943555
    __default_arp_policer__ 398845133488 8670943927

So I added separate rules per vlan with a limit of 1M while collecting statistics to match specific values.

    policer arp_nolimit {
        if-exceeding {
            bandwidth-limit 1m;
            burst-size-limit 1m;
        }
    }

This way I got rid of the suddenly disappearing ARP, but there are still too many of them.
While the world scans the aforementioned classes for a given IP, one router can ask itself 3 times - from each router. A total of 6 inquiries in 1 second.
Within 1 minute of these queries, there are already 15 queries - and all this for only one IP.
Now from one vlan for the entire subnet, at one minute only for one router these queries are: 18 063 from the second, a little more: 25 844
Is there an option/method that once asked IP it will be in the "memory" for X time and when someone asks for it (during this time) again, they will get an answer immediately. And he wasn't sending out an ARP who-has request again. Only after this time did he send out an ARP who-has again and store it.
The time also could not be too long, so that suddenly after inactivity an active IP appeared, it would be immediately noticed.
What I currently have set up for ARP is only:

    arp {
        aging-timer 240;
        gratuitous-arp-on-ifup;
    }

The rest is default.
Can I count on a little help and show which way to go? :)
#ARP ,#MX204
------------------------------
Krystian Trapszo
------------------------------
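
An added example, not part of the original post: a short Python script that turns consecutive "show policer | refresh 5" snapshots, like the three quoted above, into per-interval packet and byte rates, so the policer counters can be compared against the pps figures measured on the VLAN. It assumes the two numeric columns are bytes then packets and that snapshots are 5 seconds apart; the function names are hypothetical.

```python
import re

# Constructed sample: the three refresh snapshots quoted in the post.
SAMPLE = """\
admin@r1> show policer | match arp | refresh 5
__default_arp_policer__ 398845035318 8670941793
__default_arp_policer__ 398845116376 8670943555
__default_arp_policer__ 398845133488 8670943927
"""

# Assumed line layout: <policer name> <bytes> <packets>
LINE = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s*$")


def parse_snapshots(text):
    """Return {policer_name: [(bytes, packets), ...]} in the order seen."""
    series = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:  # prompts and any other non-counter lines are skipped
            name, nbytes, npkts = m.group(1), int(m.group(2)), int(m.group(3))
            series.setdefault(name, []).append((nbytes, npkts))
    return series


def rates(samples, interval_s=5):
    """Per-interval rates; an interval with a negative delta is skipped."""
    out = []
    for (b0, p0), (b1, p1) in zip(samples, samples[1:]):
        db, dp = b1 - b0, p1 - p0
        if db < 0 or dp < 0:
            continue  # counters were cleared between the two snapshots
        out.append({
            "pps": dp / interval_s,
            "bytes_per_s": db / interval_s,
            "avg_pkt_bytes": db / dp if dp else 0.0,
        })
    return out


if __name__ == "__main__":
    for name, samples in parse_snapshots(SAMPLE).items():
        for i, r in enumerate(rates(samples), 1):
            print(f"{name} interval {i}: {r['pps']:.1f} pps, "
                  f"{r['bytes_per_s']:.0f} B/s, avg {r['avg_pkt_bytes']:.1f} B/pkt")
```
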