I happened to have a window open to our bug tracker, and there's nothing mentioned about a known bug.

 

It does seem like this should be a warning rather than an error. A lot of ARP traffic was once connected with some DDOS attacks, but I don't think that's really applicable any more. Anything vulnerable to such a thing should have been patched ages go.

 

What else is on that subnet? Do you have a lot of other hosts which would be communicating with one another?

 

 

Constantly receiving the below alert by email (for both e0e & e0f even though they are in an ifgrp). Can’t find anything about it on the KB and would be interested to know how to increase the threshold and thoughts on doing so?

---

Severity: LOG_ERR

 

Message: netif.rateLimitThreshold: High rate limit on network interface e0e for broadcast protocol ARP being detected: 5001 pkts/sec.

 

Description: This message occurs when the protocol rate threshold is reached on a network interface.

 

Action: Fix the faulty network configuration or incorrect setup that enables a sudden spike in broadcast packets to bring down the node. If you still want a high ARP rate threshold, use the "bootarg.arp.ratelimit.threshold" boot argument to set that threshold.

 

Source: NwkThd_04

Index: 3128725

 

[Note: This email message is sent using a deprecated event routing mechanism.

For information, search the knowledgebase of the NetApp support web site for "convert existing event configurations in Data ONTAP 9.0."]