[c-nsp] Re-thinking (remembering) how a switch operates

RawCode gonnason at gmail.com
Wed May 18 08:18:03 EDT 2005


On 5/10/05, Niels Bakker <niels=cisco-nsp at bakker.net> wrote:
> * gert at greenie.muc.de (Gert Doering) [Tue 10 May 2005, 08:53 CEST]:
> >On Sat, May 07, 2005 at 12:34:54AM +0200, Niels Bakker wrote:
> >>>On Wed, May 04, 2005 at 06:35:06PM +0200, Andre Beck wrote:
> >>>>End stations of today usually have ARP cache timeouts of 120s to 300s.
> >>>At least Linux is doing IPv4 ARP timeouting these days similar to way
> >>>IPv6 NUD works - "if we see no traffic from this IP/MAC combination for
> >>>a while, we do some ARP probing.  Otherwise we assume that it's still
> >>>valid" - which is a good thing in large networks, avoiding unnecessary
> >>>ARPs...
> >>Except they do that after 30 seconds, which makes Linux boxes generate
> >>insane amounts of ARP traffic compared to any other host.
> >But isn't that probe unicasted, and thus far less harmful than hard
> >expiring an ARP entry and then broadcasting for it again?
> 
> Not when there's only intermittent traffic.
> 
>         -- Niels.
> 
> --
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

I personally would like to know if the server is reachable from the
network. Setup some form of monitoring that queries the box? i.e
Smokeping, Nagios, general SNMP stuff.

That alone should keep the CAM entry cached and you will know more
about the status of your server.



More information about the cisco-nsp mailing list