Configuring ARP source suppression, Configuring ARP blackhole routing – H3C Technologies H3C S6300 Series Switches User Manual

ARP source suppression—Stops resolving packets from a host if the upper limit on unresolvable IP packets from the host is reached within an interval of 5 seconds. The device continues ARP resolution when the interval elapses. This feature is applicable if the attack packets have the same source addresses.

ARP blackhole routing—Creates a blackhole route destined for an unresolved IP address. The device drops all matching packets until the blackhole route is deleted. A blackhole route is deleted when its aging timer (25 seconds) is reached or the route becomes reachable.

After a blackhole route is created for an unresolved IP address, the device immediately starts the first ARP blackhole route probe by sending an ARP request. If the resolution fails, the device continues probing according to the probe settings. If the IP address resolution succeeds in a probe, the device converts the blackhole route to a normal route. If an ARP blackhole route ages out before the device finishes all probes, the device deletes the blackhole route and does not perform the remaining probes.

This feature is applicable regardless of whether the attack packets have the same source addresses.

Configuring ARP source suppression

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP source suppression. | arp source-suppression enable | By default, ARP source suppression is disabled. |
| 3. Set the maximum number of unresolvable packets that the device can receive from a host within 5 seconds. | arp source-suppression limit limit-value | By default, the maximum number is 10. |
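
The following sketch is an added example, not taken from the manual or from H3C code. It models the per-host counting described above on constructed packet events to show which traffic source suppression stops. The window alignment, the handling of the packet that reaches the limit, and all function names and sample addresses are assumptions.

```python
from collections import defaultdict

INTERVAL = 5.0       # seconds; the interval stated in the manual
DEFAULT_LIMIT = 10   # default of "arp source-suppression limit"

def simulate(events, limit=DEFAULT_LIMIT):
    """Model ARP source suppression over (timestamp_s, source_ip) events,
    each event being one IP packet whose destination cannot be resolved.

    Assumptions (not from the manual): every source gets its own 5-second
    interval starting at its first unresolvable packet, and the packet
    that reaches the limit is still resolved.
    Returns (resolved, suppressed): dicts of source_ip -> packet count.
    """
    window_start, count = {}, {}
    resolved, suppressed = defaultdict(int), defaultdict(int)
    for ts, src in sorted(events):
        # Start a fresh interval for this source when the old one elapsed.
        if src not in window_start or ts - window_start[src] >= INTERVAL:
            window_start[src], count[src] = ts, 0
        if count[src] >= limit:
            suppressed[src] += 1      # device stops resolving for this host
        else:
            count[src] += 1
            resolved[src] += 1        # device still attempts ARP resolution
    return dict(resolved), dict(suppressed)

def same_source_events():
    """Constructed sample: one host sends 30 packets in 3 s, then 3 more at t=6 s."""
    burst = [(i * 0.1, "10.0.0.5") for i in range(30)]
    later = [(6.0 + i * 0.1, "10.0.0.5") for i in range(3)]
    return burst + later

def varied_source_events():
    """Constructed sample: 30 packets in 3 s, each with a different source."""
    return [(i * 0.1, f"10.0.1.{i + 1}") for i in range(30)]

if __name__ == "__main__":
    for name, events in [("same source", same_source_events()),
                         ("varied sources", varied_source_events())]:
        resolved, suppressed = simulate(events)
        print(name, "resolved:", sum(resolved.values()),
              "suppressed:", sum(suppressed.values()))
```

With the default limit, the single-source burst is cut off after 10 packets and resolution resumes once the interval has elapsed, while the varied-source stream never reaches the limit for any one address, which is the case ARP blackhole routing covers.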

Configuring ARP blackhole routing

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable ARP blackhole routing. | arp resolving-route enable | By default, ARP blackhole routing is enabled. |
| 3. (Optional.) Set the interval at which the device probes ARP blackhole routes. | arp resolving-route probe-interval interval | The default setting is 1 second. This command is available in Release 2311P04 and later versions. |
| 4. (Optional.) Set the number of ARP blackhole route probes. | arp resolving-route probe-count count | The default setting is one probe. This command is available in Release 2311P04 and later versions. |