[c-nsp] Cisco 6509 and ARPs

Rodney Dunn rodunn at cisco.com
Fri Feb 18 17:28:41 EST 2005


On Thu, Feb 17, 2005 at 02:44:01PM -0600, John Kristoff wrote:
> Based on the way we detect and manage hosts on our network, we make use
> of ARP cache tables on 6509s by frequently polling them.  This data gets
> used in turn to find where hosts are by associating tracing the MAC
> address to a switch/hub and port.  In order to better identify where
> hosts are, we're considering changing the default ARP timers on 6509
> VLAN interfaces.  It doesn't appear that we can get the age time of an
> ARP entry through our polling process.  Though that would be nice and
> avoid us having to change the default ARP timer.
> 
> It appears that Cisco does not update the ARP cache table unless it
> specifically issues an ARP (and possibly, but I've not confirmed via
> gratuitous ARP).  So for example, Cisco doesn't appear to update the
> ARP cache when it sees an ARP request from a host, which would probably
> be very often, since most hosts seem to have ARP caches of only 1 or 2
> minutes.

I don't think that's true and I just tested it:

Router#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type        Interface
Internet  3.3.3.2                27   aabb.cc00.cb00  ARPA        Ethernet0/0
Internet  3.3.3.1                 -   aabb.cc00.ca00  ARPA        Ethernet0/0
Router#debug ar
ARP packet debugging is on
Router#
08:26:59: IP ARP: rcvd req src 3.3.3.2 aabb.cc00.cb00, dst 3.3.3.4 Ethernet0/0
08:27:01: IP ARP: rcvd req src 3.3.3.2 aabb.cc00.cb00, dst 3.3.3.4 Ethernet0/0
Router#
08:27:03: IP ARP: rcvd req src 3.3.3.2 aabb.cc00.cb00, dst 3.3.3.4 Ethernet0/0
08:27:05: IP ARP: rcvd req src 3.3.3.2 aabb.cc00.cb00, dst 3.3.3.4 Ethernet0/0
08:27:07: IP ARP: rcvd req src 3.3.3.2 aabb.cc00.cb00, dst 3.3.3.4 Ethernet0/0
Router#
Router#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type        Interface
Internet  3.3.3.2                 0   aabb.cc00.cb00  ARPA        Ethernet0/0
Internet  3.3.3.1                 -   aabb.cc00.ca00  ARPA        Ethernet0/0
Router#

I did a ping to 3.3.3.4 from a neighboring router and when
this router got the request from 3.3.3.2 for 3.3.3.4 he updated
his arp timeout.

> 
> My guess is, but perhaps someone could fill me in on the technical
> details, that the ARP table is a critical piece to switching and
> forwarding performance so for it to be thrashing would be not just
> bad for the CPU, but bad for overall performance.

You can update without thrashing as long as it's not changing.
In fact that's exactly what is done.  You send out a unicast
arp refresh 60 sec before it is supposed to expire (assuming
you get that far) to update the entry.


> 
> It would be interesting to hear about people's experiences in setting
> the default ARP cache timer on a well populated 6509 to a much lower
> than default.  30 minutes?  5 minutes?  I suspect that 5 minutes may
> be too aggressive.  We specifically disable proxy ARP, so there should
> be some protection to potential ARP storms.
> 
> If you've tried this, what was your experience?  What is the typical
> size of your router's ARP cache table?

I can tell you that setting the arp timeout low with a large
number of arp entries (2k in general or more) will possibly
cause you problems.  If your timers get in sync when you try
and refresh, you will drop packets off the input queue or the
arp queue.  If you are going to do it, bump up your input queue
to be deep enough to hold at least one arp response
from each machine on the segment.  That's sorta a worst case
scenario.

Rodney


> 
> John
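
The two mechanisms Rodney describes (a request from an already-known host resets that entry's age, as the debug session shows, and a unicast refresh goes out 60 seconds before expiry, so entries learned together refresh together) as a small Python model, added here and not taken from the thread or from Cisco. The 75-packet input-queue depth, the 10.0.x.y addresses and the even spread of learn times are assumptions.

```python
"""Toy model of Cisco-style ARP cache aging as described in the reply (added
example, not code from the thread or from Cisco)."""
from collections import Counter

REFRESH_LEAD = 60          # seconds before expiry that the unicast refresh is sent
ASSUMED_INPUT_QUEUE = 75   # assumed hold-queue depth; check your own platform's value


class ArpCache:
    def __init__(self, timeout: int):
        self.timeout = timeout          # seconds; Cisco's default is 4 h = 14400
        self.entries = {}               # ip -> (mac, learned_at in seconds)

    def learn(self, ip: str, mac: str, now: int) -> None:
        self.entries[ip] = (mac, now)

    def on_arp_request(self, src_ip: str, src_mac: str, now: int) -> bool:
        """A request from a known host resets its age (the Age 27 -> 0 seen in
        the debug session). Unknown or mismatched senders do not touch the cache."""
        known = self.entries.get(src_ip)
        if known is None or known[0] != src_mac:
            return False
        self.entries[src_ip] = (src_mac, now)
        return True

    def age_minutes(self, ip: str, now: int) -> int:
        return (now - self.entries[ip][1]) // 60

    def refresh_schedule(self) -> Counter:
        """Per-second count of unicast refreshes the router will send, i.e. the
        per-second burst of replies it must absorb on its input queue."""
        return Counter(t + self.timeout - REFRESH_LEAD for _, t in self.entries.values())


def refresh_burst(n_hosts: int, timeout: int, learn_window: int) -> tuple:
    """Learn n_hosts spread evenly over learn_window seconds and return
    (peak refresh replies in any one second, replies beyond the assumed queue).
    learn_window=1 is the 'timers in sync' case, e.g. right after an interface flap."""
    cache = ArpCache(timeout)
    for i in range(n_hosts):
        ip = f"10.0.{i // 256}.{i % 256}"          # constructed sample addresses
        cache.learn(ip, f"0000.0000.{i:04x}", now=(i * learn_window) // n_hosts)
    peak = max(cache.refresh_schedule().values())
    return peak, max(0, peak - ASSUMED_INPUT_QUEUE)
```

With 2000 entries learned in the same second and a 5-minute timeout, all 2000 refresh replies land in one second, far beyond a 75-packet queue; the same entries learned over two minutes peak at 17 per second.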

