[e-nsp] ARP Pending Entries queue being maxed out
Warwick Duncan
warwick at frogfoot.com
Wed Sep 10 08:07:29 EDT 2014
Hi Mikael
On Wed, Sep 10, 2014 at 12:37:29PM +0200, Mikael Abrahamsson wrote:
> How big are your subnets? From the look of it, it sounds like you
There are ~300 directly attached /24s plus another ~150 smaller that are
mostly /29 and /30.
> have fairly large subnets with traffic destined for IPs that do not
> exist (scanning traffic?). This has been a problem before, I know
> people 10 years ago at Interop used large subnets out of the
> 45.0.0.0/8 they had, and they had to lessen the size of the subnets
> because of scanning traffic making the ARP engine in ExOS go
> haywire. So either try to remove this unsolicited traffic to IPs not
> in use, or make the subnets smaller.
That makes a lot of sense.
> Either you do this, or you lower the pending timeout, I don't know
> if this is possible, I don't have access to the gear you're using.
As far as I can tell it isn't, we can only modify the timeout for cached
entries in this version of XOS (12.4.1.7). More recent versions seem to
have a few more options in this regard but we can't upgrade this
hardware much beyond where it already is.
Regards
Warwick
--
Warwick Duncan
Frogfoot Networks ISP
http://www.frogfoot.com/
+27.21.448.7225
More information about the extreme-nsp
mailing list