[c-nsp] Cisco 6509 and ARPs

John Kristoff jtk at northwestern.edu
Thu Feb 17 15:44:01 EST 2005


Based on the way we detect and manage hosts on our network, we make use
of ARP cache tables on 6509s by frequently polling them.  This data gets
used in turn to find where hosts are by tracing the MAC
address to a switch/hub and port.  In order to better identify where
hosts are, we're considering changing the default ARP timers on 6509
VLAN interfaces.  It doesn't appear that we can get the age time of an
ARP entry through our polling process, though that would be nice and
would avoid us having to change the default ARP timer.

It appears that Cisco does not update the ARP cache table unless it
specifically issues an ARP (and possibly, but I've not confirmed, via
gratuitous ARP).  So for example, Cisco doesn't appear to update the
ARP cache when it sees an ARP request from a host, which would probably
be very often, since most hosts seem to have ARP caches of only 1 or 2
minutes.

My guess is, but perhaps someone could fill me in on the technical
details, that the ARP table is a critical piece to switching and
forwarding performance so for it to be thrashing would be not just
bad for the CPU, but bad for overall performance.

It would be interesting to hear about people's experiences in setting
the default ARP cache timer on a well populated 6509 to a value much
lower than the default.  30 minutes?  5 minutes?  I suspect that 5 minutes
may be too aggressive.  We specifically disable proxy ARP, so there should
be some protection against potential ARP storms.

If you've tried this, what was your experience?  What is the typical
size of your router's ARP cache table?

John
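
Added example (not part of the original post or the poster's tooling): since the post notes that the poller cannot read an ARP entry's age, one approximation is to record when each IP-to-MAC binding first and last appeared across polls and join that with the MAC-to-port data. The snapshot format, addresses, switch names and the 300-second poll spacing are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Seen:
    mac: str
    first_seen: int  # time of the poll where this IP->MAC binding first appeared
    last_seen: int   # time of the latest poll that still listed it

def update(state, snapshot, now):
    """Merge one ARP poll (ip -> mac) into state; return IPs whose MAC changed."""
    changed = []
    for ip, mac in snapshot.items():
        cur = state.get(ip)
        if cur is not None and cur.mac == mac:
            cur.last_seen = now
            continue
        if cur is not None:
            changed.append(ip)  # same IP, new MAC: worth a closer look
        state[ip] = Seen(mac, now, now)
    return changed

def locate(state, mac_table, now):
    """Join ARP bindings with a MAC -> (switch, port) table."""
    report = {}
    for ip, s in state.items():
        report[ip] = {
            "mac": s.mac,
            "port": mac_table.get(s.mac),  # None: MAC not traced to a port
            "in_arp": s.last_seen == now,  # False: binding left the ARP cache
            # Lower bound on how long the entry has existed, not the time
            # since the router last refreshed it.
            "observed_for": s.last_seen - s.first_seen,
        }
    return report

# Constructed sample data (documentation addresses, hypothetical switch names).
POLLS = [
    (0,   {"192.0.2.10": "00:00:5e:00:53:01", "192.0.2.11": "00:00:5e:00:53:02"}),
    (300, {"192.0.2.10": "00:00:5e:00:53:01", "192.0.2.11": "00:00:5e:00:53:03"}),
    (600, {"192.0.2.10": "00:00:5e:00:53:01"}),
]
MAC_TABLE = {"00:00:5e:00:53:01": ("sw-a", "Fa0/3")}

def run():
    state, changes = {}, []
    for now, snapshot in POLLS:
        changes += update(state, snapshot, now)
    return changes, locate(state, MAC_TABLE, POLLS[-1][0])

if __name__ == "__main__":
    print(run())
```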

