Why can't a DAI-enabled switch forward valid ARP packets at line rate?


In versions earlier than V200R001, a DAI-enabled switch checks ARP packets based on ACL rules delivered to the chip, so valid packets are forwarded directly at line rate. In V200R001 and later versions, the DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate then depends on the CIR value of the ARP packet and CPU usage.

Other related questions:
Why can't a DAI-enabled S series switch forward valid ARP packets at line rate?
For S series switches, in versions earlier than V200R001, a DAI-enabled switch checks ARP packets based on ACL rules delivered to the chip. Therefore, packets are directly forwarded at line rate. In V200R001 and later versions, a DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate depends on factors such as the CPCAR value of the ARP packet and CPU usage. For E series switches, a DAI-enabled switch checks ARP packets and forwards valid ARP packets using software. The forwarding rate depends on factors such as the CPCAR value of the ARP packet and CPU usage.

Line rate forwarding of S series switches
Line rate forwarding indicates that no packet is lost when the maximum rate of an interface is reached.
Total bandwidth provided by all interfaces of a switch = Number of interfaces x Interface rate x 2 (full-duplex mode).
If the total bandwidth is less than or equal to the backplane bandwidth, data is forwarded at line rate on the backplane.

After DAI and EAI are enabled on an S series switch, why can the switch forward ARP packets sent by unauthorized users to request MAC addresses of authorized users
For S series switches: In versions earlier than V200R001, a DAI-enabled switch checks an incoming ARP packet against the binding table based on ACL rules delivered to the chip. An EAI-enabled switch sends the packet to the CPU. The CPU looks up the outbound interface of the packet in the binding table and then forwards the packet using software. Both DAI and EAI are Layer 2 functions, but the ACL rule that EAI delivers for sending ARP packets to the CPU takes precedence over the rule delivered by DAI. Therefore, DAI does not check ARP packets, and ARP packets sent by unauthorized users to request MAC addresses of authorized users are forwarded normally. In V200R001 and later versions, a DAI-enabled switch checks ARP packets using software, so this problem does not occur.
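The rule-precedence problem described above, as an added Python model that is not Huawei code. The binding-table layout, the function names and the sample addresses are constructed assumptions, and the page does not say what happens when the requested IP has no binding, so the model returns a port of None in that case.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ArpRequest:
    src_ip: str
    src_mac: str
    in_port: str
    vlan: int
    target_ip: str

# Constructed binding table; the (IP, MAC, port, VLAN) layout is an assumption.
BINDINGS = {
    ("10.0.0.10", "00:11:22:33:44:10", "GE0/0/1", 10),
    ("10.0.0.20", "00:11:22:33:44:20", "GE0/0/2", 10),
}

def dai_valid(pkt):
    """DAI: the sender must match a binding entry exactly."""
    return (pkt.src_ip, pkt.src_mac, pkt.in_port, pkt.vlan) in BINDINGS

def eai_out_port(pkt):
    """EAI: find the outbound interface for the requested IP (None if absent)."""
    for ip, _mac, port, vlan in BINDINGS:
        if ip == pkt.target_ip and vlan == pkt.vlan:
            return port
    return None

def legacy_chip_path(pkt, dai=True, eai=True):
    """Before V200R001: both features install chip ACL rules, and the EAI
    send-to-CPU rule outranks the DAI rule, so only the first one acts."""
    if eai:  # higher-priority rule matches first; DAI never sees the packet
        return ("forward", eai_out_port(pkt))
    if dai and not dai_valid(pkt):
        return ("drop", None)
    return ("forward", None)

def software_path(pkt, dai=True, eai=True):
    """V200R001 and later: DAI validates in software before any forwarding."""
    if dai and not dai_valid(pkt):
        return ("drop", None)
    return ("forward", eai_out_port(pkt) if eai else None)

# Constructed packets: a host with no binding entry, and a bound host.
UNBOUND = ArpRequest("10.0.0.99", "00:11:22:33:44:99", "GE0/0/3", 10, "10.0.0.10")
BOUND = ArpRequest("10.0.0.20", "00:11:22:33:44:20", "GE0/0/2", 10, "10.0.0.10")

if __name__ == "__main__":
    for name, pkt in (("unbound", UNBOUND), ("bound", BOUND)):
        print(name, legacy_chip_path(pkt), software_path(pkt))
```

When auditing a switch that still runs a release earlier than V200R001 with both features enabled, the first result is the one to expect: the request from the unbound host reaches the authorized user's port.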

Why can't an S series switch learn ARP entries after Layer 3 forwarding is enabled on the switch's sub-interfaces?
Q: Why cannot a switch learn ARP entries when connected to other devices after Layer 3 forwarding is enabled on the switch's sub-interfaces?
A: In V100R002 and later versions, sub-interfaces of S series switches do not respond to ARP requests by default when Layer 3 forwarding is enabled on the sub-interfaces. The sub-interfaces respond to ARP requests only after the arp-proxy enable command is executed.

After the ARP gateway conflict function is enabled, why can't traffic be forwarded based on the MAC address that is used to send ARP gateway conflict packets?
After the ARP gateway conflict function detects conflicting ARP packets, it blocks all packets that contain this source MAC address. The restriction is lifted three minutes later.
