[c-nsp] ARP-cache Timeouts for ASA5520

Higham, Josh jhigham at epri.com
Wed Jun 11 10:58:03 EDT 2008


> 12.   There are currently 34 entries in the ARP table

Is there a layer 3 device between your firewall and the majority of your
hosts (i.e., is the number of devices in the ASA local scope fairly
static)?  If so, you should have no problem reducing the ARP cache to
the minimum.

The CPU impact of the ARP timeout is based on having to do an ARP
request and wait for the response at expire time.  This scales directly
with the number of hosts in the various layer 2 domains, but I couldn't
see the ASA having any problems processing 34 ARP even at the minimum
timeout.

You'll also need to make sure that the hosts don't have the same ARP
limitations, and that actually might be slightly more of a problem.
Anyway, 5 minutes should be perfectly fine in your environment.

I agree with the poster that said you should probably just ditch these
if HA is a hard requirement, but sometimes budgets and requirements make
for clunky solutions.

Thanks,
Josh

