[c-nsp] IOS 12.2(33)SRB2 clear arp-table

[Paul Cosgrove]

Hi Andrey,

How are you detecting that the arp-table is spontaneously cleared?  I'm 
wondering whether it is increasing in size before it clears, and whether 
it then immediately begins to increase again to normal levels.

If there is a scan taking place on your network (e.g. virus or network 
discovery), then the router connected to the scanned subnet will have to 
try to resolve each destination IP address.  Each arp will be a broadcast.

If the subnet is large, and the scanning rate fast, then the arp table 
may be filled with incomplete entries and (I guess) old entries forced 
out.  Incomplete entries are only kept for a few seconds, so when they 
expire you may end up with a relatively sudden decrease in table size.

Paul.


Andrey O.Sokolov wrote:
> На Fri, 7 Mar 2008 10:40:07 -0500
> Jeff Fitzwater <jfitz at Princeton.EDU> записано:
> 
>> There are two things that the router does with its arp table...
>> 1 It clears each hosts arp entry at some age interval, which can be  
>> changed.
>> 2 It periodically updates its arp-cache by sending out a unicast arp  
>> for each arp entry it has.
>>
>> The periodic refresh might be what you are seeing.
>>
>>
>> Without more details that's all I know.
>>
>>>    I have cisco7606 with sup32, IOS 12.2(33)SRB2, c7600s3223_rp- 
>>> ADVIPSERVICESK9-M
>>>
>>>    Periodically (sometimes time some minutes) spontaneously cleared  
>>> arp-table on this device, and I have
>>>    big broadcast flow on my network.
>>>
>>>    What is this?
>>>    Could someone help me solve this problem?
> 
>     Intervals are very-very different.
>     From some minutes to some hours.
>     And my device in at case sending out near 300 arp who-has inquiry per some milliseconds.
> 


-- 
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel:  +353.1.6609040
Web:  http://www.heanet.ie
Company registered in Ireland: 275301

Please consider the environment before printing this e-mail.