Unknown unicast

kevin-san Member
I keep getting bursts of log messages "The total unknown unicast packets xxxxx per second has exceeded the configured all VLAN limit of 5000" in my AX logs. The number xxxxx ranges anywhere from 10000 to 40000. I have about 15 web sites behind my A10. Is this normal? This only started a couple months ago.

Comments

  • mischa Member
    edited February 2014
    This means that the AX is detecting a lot of unknown unicast in the network, which is tripping the threshold. This doesn't mean the AX is causing the unknown unicast or dropping packets because of it; it's just to let you know there is a lot of it. In almost all cases it means there is something "wrong" in the network and there is traffic destined for a MAC address that is not known.

    Unknown unicast traffic consists of unicast packets with unknown destination MAC addresses. By default, the switch floods these unicast packets that are traveling in a VLAN to all interfaces that are members of the VLAN. Forwarding this type of traffic to interfaces on the switch can trigger a security issue. The LAN is suddenly flooded with packets, creating unnecessary traffic that leads to poor network performance or even a complete loss of network service. This is known as a traffic storm. To prevent a storm, you can disable the flooding of unknown unicast packets to all interfaces by configuring one VLAN or all VLANs to forward any unknown unicast traffic to a specific trunk interface. This channels the unknown unicast traffic to a single interface.

    Source: https://www.juniper.net/techpubs/en_US/junos9.5/topics/concept/rate-limiting-unknown-unicast-forwarding-understanding.html

    Hope this helps.
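The flooding behaviour described in the answer above, as an added example that is not part of the original thread: a minimal Python model of a learning switch in a single VLAN, comparing default flooding with channeling unknown unicast to one interface. The port names, MAC strings and the `uplink` port are constructed for illustration and do not come from the AX or Junos configuration.

```python
# Added illustration: minimal model of a learning switch in one VLAN.
# Port names, MAC strings and the "uplink" trunk are constructed values.

class LearningSwitch:
    def __init__(self, ports, unknown_unicast_port=None):
        self.ports = list(ports)
        # None = default behaviour (flood); otherwise channel to this one port
        self.unknown_unicast_port = unknown_unicast_port
        self.mac_table = {}        # MAC -> port it was learned on
        self.unknown_unicast = 0   # frames whose destination MAC was not known

    def age_out(self, mac):
        """Drop a learned entry, as when a host stays silent past the aging timer."""
        self.mac_table.pop(mac, None)

    def receive(self, in_port, src, dst):
        """Process one unicast frame and return the list of egress ports."""
        self.mac_table[src] = in_port          # learn the source MAC
        out = self.mac_table.get(dst)
        if out is not None:                    # known destination: one port
            return [] if out == in_port else [out]
        self.unknown_unicast += 1
        if self.unknown_unicast_port is not None:
            port = self.unknown_unicast_port   # channel to a single interface
            return [] if port == in_port else [port]
        return [p for p in self.ports if p != in_port]   # flood the VLAN


def copies_sent(switch, frames):
    """Total frame copies transmitted for a sequence of (in_port, src, dst)."""
    return sum(len(switch.receive(*frame)) for frame in frames)


def demo():
    ports = ["p1", "p2", "p3", "p4", "uplink"]
    # Destination bb:bb never transmits, so its MAC is never learned.
    frames = [("p1", "aa:aa", "bb:bb")] * 1000
    flooding = LearningSwitch(ports)
    channeled = LearningSwitch(ports, unknown_unicast_port="uplink")
    return (copies_sent(flooding, frames),
            copies_sent(channeled, frames),
            flooding.unknown_unicast)


if __name__ == "__main__":
    print(demo())
```

The same 1000 frames count as unknown unicast in both cases; only the number of copies placed on the wire changes.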