[c-nsp] The number of ARP entries supported from Cisco 7507 RSP16

Rodney Dunn rodunn at cisco.com
Mon Jul 4 22:10:16 EDT 2005 

On Mon, Jul 04, 2005 at 07:23:08PM -0500, Hyunseog Ryu wrote:
> Currently it has about 600 entries from Cisco 7507 RSP16 with 1Gb Memory.

That should be no problem.

> It is running IOS 12.3.10 GD release.
> It is configured for dot1q trunk for ethernet connection, and ethernet 
> connection connected to Cisco 3550 ethernet switches.
> Sometimes when engineer cleared ARP table using "clear arp", customer 
> connection doesn't pop up with ARP table unless somebody ping to 
> customer ip address.

Here is how it works. When you do 'clear arp' the router will
send a *unicast* arp refresh for every single arp entry in the cache.
If the host doesn't respond or responds but the packet is dropped
for some reason then the arp entry is removed.

Now when it's removed it will not be repopulated until an ip
packet is sent towards that destination which will trigger CEF
to punt the first packet to resolve the mac address via arp.

Get a sniffer trace and a debug arp when you clear it.

If those 600 are on the same interface you need to bump up your
input hold queue because 600 arp responses at the same time will
almost guarantee drops.


> I opened the ticket with Cisco, but they had no clue.

Then escalate.

> I'm wondering whether I abuse Cisco 7507 with ARP table, or not.

You could but it would take a lot more than 600 to do it.

> This Cisco 7507 only has one DS3 with Frame Relay configuration, and two 
> Fast Ethernet ports in use.

The most common problem I see but I haven't seen it lately but in the older
code we did have the problem where CEF would match the glean adjacency
(which tells CEF to punt the packet to process level) but would not
punt the packet out of the (d)CEF path so the arp was never resolved.
However if you ping from the router then that is a process switched packet
which would trigger the arp request to go out.

If you do a clear arp and the arp goes away and does not come back
for a station that you know is live and responds to the unicast arp
refresh then you have multiple problems.
a) where did the unicast refresh reply go?
b) even if it does disappear why isn't a packet being punted out of the
   switching vector to trigger the arp

You need:
debug arp
sniffer trace

sh ip cef <dst ip> when the arp isn't resolving before you ping it
from the router.

> 
> Hyun
> 
> 
> Oliver Boehmer (oboehmer) wrote:
> 
> >Hyunseog Ryu <> wrote on Monday, July 04, 2005 6:54 AM:
> >
> >  
> >
> >>Hi guys,
> >>
> >>Do you know what is the maximum number of ARP cache entries supported
> >>from Cisco 7507 RSP16 configuration?
> >>    
> >>
> >
> >As far as I know there is no specific upper limit, limit is rather CPU &
> >Memory. How many do you have/need, and which IOS release are you
> >running? 
> >
> >	oli
> >
> >
> >
> >  
> >
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list