[c-nsp] Re-thinking (remembering) how a switch operates
Niels Bakker
niels=cisco-nsp at bakker.net
Tue May 10 07:47:01 EDT 2005
* gert at greenie.muc.de (Gert Doering) [Tue 10 May 2005, 08:53 CEST]:
>On Sat, May 07, 2005 at 12:34:54AM +0200, Niels Bakker wrote:
>>>On Wed, May 04, 2005 at 06:35:06PM +0200, Andre Beck wrote:
>>>>End stations of today usually have ARP cache timeouts of 120s to 300s.
>>>At least Linux is doing IPv4 ARP timeouting these days similar to way
>>>IPv6 NUD works - "if we see no traffic from this IP/MAC combination for
>>>a while, we do some ARP probing. Otherwise we assume that it's still
>>>valid" - which is a good thing in large networks, avoiding unnecessary
>>>ARPs...
>>Except they do that after 30 seconds, which makes Linux boxes generate
>>insane amounts of ARP traffic compared to any other host.
>But isn't that probe unicasted, and thus far less harmful than hard
>expiring an ARP entry and then broadcasting for it again?
Not when there's only intermittent traffic.
-- Niels.
--
More information about the cisco-nsp
mailing list