Configuring per-interface NDP cache protection

You can configure IPv6 neighbor discovery protocol (NDP) cache protection on a per-interface basis. NDP performs address resolution and maintains the neighbor cache, and can be susceptible to denial-of-service (DoS) attacks that overwhelm the devices control plane with unassigned address resolution requests, resulting in a cache overflow. One strategy for mitigating this type of DoS attack is to enforce neighbor discovery queue limits, restricting the overall number of IPV6 neighbors and new unresolved next-hop addresses that can be added to the cache. The device has default cache limits that can be changed system-wide, or you can use this feature to override default or system-wide limits on a per-interface basis.

Product / Application	Software	Introduced Release
EX4400-24X	Junos OS	23.1R1
EX4650-48Y	Junos OS	18.3R1
MX5	Junos OS	15.1R1
MX10	Junos OS	15.1R1
MX40	Junos OS	15.1R1
MX80	Junos OS	15.1R1
MX104	Junos OS	15.1R1
MX204	Junos OS	17.4R1
MX240	Junos OS	15.1R1
MX301	Junos OS	25.4R1
MX304	Junos OS	22.2R3
MX480	Junos OS	15.1R1
MX960	Junos OS	15.1R1
MX2008	Junos OS	15.1F7
MX2010	Junos OS	15.1R1
MX2020	Junos OS	15.1R1
MX10003	Junos OS	17.3R1
MX10004	Junos OS	22.3R1
MX10008	Junos OS	18.2R1
MX10016	Junos OS	19.2R1
QFX5100	Junos OS	15.1R3
QFX5110	Junos OS	17.2R1
QFX5120-48Y	Junos OS	18.3R1
QFX5120-32C	Junos OS	19.1R1
QFX5130-48C	Junos OS Evolved	23.4R1
QFX5130-48CM	Junos OS Evolved	23.4R2
QFX5120-48T	Junos OS	20.2R1
QFX5120-48YM	Junos OS	20.4R1
QFX5200-32C	Junos OS	17.2R1
QFX5230-64CD	Junos OS Evolved	22.2X100-D10
QFX10008	Junos OS	17.1R1
QFX10016	Junos OS	17.1R1
QFX10002-60C	Junos OS	18.1R1

Feature Explorer AI

Configuring per-interface NDP cache protection

404: Page not found.

Configuring per-interface NDP cache protection