Rate limiting arp packets – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual
network route if the IP route table does not contain a route to the packet destination. In each case, the
Layer 3 switch must encapsulate the packet and address it to the MAC address of a locally attached
device, the next-hop router toward the IP packet destination.
To obtain the MAC address required for forwarding a datagram, the Layer 3 switch does the following:
• First, the Layer 3 switch looks in the ARP cache (not the static ARP table) for an entry that lists the
MAC address for the IP address. The ARP cache maps IP addresses to MAC addresses. The
cache also lists the port attached to the device and, if the entry is dynamic, the age of the entry. A
dynamic ARP entry enters the cache when the Layer 3 switch receives an ARP reply or receives an
ARP request (which contains the sender IP address and MAC address). A static entry enters the
ARP cache from the static ARP table (which is a separate table) when the interface for the entry
comes up.
To ensure the accuracy of the ARP cache, each dynamic entry has its own age timer. The timer is
reset to zero each time the Layer 3 switch receives an ARP reply or ARP request containing the IP
address and MAC address of the entry. If a dynamic entry reaches its maximum allowable age, the
entry times out and the software removes the entry from the table. Static entries do not age out and
can be removed only by you.
• If the ARP cache does not contain an entry for the destination IP address, the Layer 3 switch
broadcasts an ARP request out all its IP interfaces. The ARP request contains the IP address of the
destination. If the device with the IP address is directly attached to the Layer 3 switch, the device
sends an ARP response containing its MAC address. The response is a unicast packet addressed
directly to the Layer 3 switch. The Layer 3 switch places the information from the ARP response into
the ARP cache.
ARP requests contain the IP address and MAC address of the sender, so all devices that receive the
request learn the MAC address and IP address of the sender and can update their own ARP caches
accordingly.
NOTE
The ARP request broadcast is a MAC broadcast, which means the broadcast goes only to devices that
are directly attached to the Layer 3 switch. A MAC broadcast is not routed to other networks. However,
some routers, including Brocade Layer 3 switches, can be configured to reply to ARP requests from
one network on behalf of devices on another network.
NOTE
If the router receives an ARP request packet that it is unable to deliver to the final destination because
of the ARP timeout and no ARP response is received (the Layer 3 switch knows of no route to the
destination address), the router sends an ICMP Host Unreachable message to the source.
Rate limiting ARP packets
You can limit the number of ARP packets the Brocade device accepts during each second. By default,
the software does not limit the number of ARP packets the device can receive. Since the device sends
ARP packets to the CPU for processing, if a device in a busy network receives a high number of ARP
packets in a short period of time, some CPU processing might be deferred while the CPU processes
the ARP packets.
To prevent the CPU from becoming flooded by ARP packets in a busy network, you can restrict the
number of ARP packets the device will accept each second. When you configure an ARP rate limit,
the device accepts up to the maximum number of packets you specify, but drops additional ARP
packets received during the one-second interval. When a new one-second interval starts, the counter
restarts at zero, so the device again accepts up to the maximum number of ARP packets you
specified, but drops additional packets received within the interval.
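The following Python model of the per-second counter described above is an added example, not code from the manual or from the device software. It assumes a single counter shared by all senders and intervals aligned to whole seconds; the class name, function name and traffic samples are constructed for illustration.

```python
# Model of a fixed one-second ARP rate limit (added example, not device code).
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class ArpRateLimiter:
    """Accept up to `limit` ARP packets per one-second interval, drop the rest.

    Assumption: intervals are aligned to whole seconds of the timestamp.
    """
    limit: int
    window: int = -1          # index of the current one-second interval
    count: int = 0            # ARP packets seen in the current interval
    accepted: Counter = field(default_factory=Counter)
    dropped: Counter = field(default_factory=Counter)

    def offer(self, ts: float, sender: str) -> bool:
        """Return True if the packet arriving at time `ts` is accepted."""
        w = int(ts)
        if w != self.window:  # new interval: counter restarts at zero
            self.window, self.count = w, 0
        self.count += 1
        ok = self.count <= self.limit
        (self.accepted if ok else self.dropped)[sender] += 1
        return ok


def run(limit, packets):
    """Feed (timestamp, sender) pairs in time order; return the limiter."""
    rl = ArpRateLimiter(limit)
    for ts, sender in sorted(packets):
        rl.offer(ts, sender)
    return rl


# Constructed traffic: one noisy host sends 500 ARP packets in the first
# half of second 0; a quiet host sends a single request at t=0.9.
flood = [(i / 1000, "noisy") for i in range(500)] + [(0.9, "quiet")]

# Constructed traffic: 100 packets just before and 100 just after the
# interval boundary at t=1.0, that is, 200 packets inside 0.2 seconds.
straddle = [(0.9 + i / 1000, "burst") for i in range(100)] + \
           [(1.0 + i / 1000, "burst") for i in range(100)]

if __name__ == "__main__":
    for name, pkts in (("flood", flood), ("straddle", straddle)):
        r = run(100, pkts)
        print(name, dict(r.accepted), dict(r.dropped))
```

With a limit of 100, the first sample drops the quiet host's single request because the interval's allowance is already used up, and the second sample accepts all 200 packets because each interval starts again from zero.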
FastIron Ethernet Switch Layer 3 Routing Configuration Guide
53-1003087-04