[j-nsp] ARP Table Timer vs. MAC Table Timer on Juniper

NK NSP nknwklist at gmail.com
Tue Dec 19 17:13:11 EST 2017


"Hardware Resource exhaustion" comes to mind for keeping a shorter value
for the MAC table. Keeping the value high enough can bite you when there is a
flood of traffic from random sources. It can lead to MAC table overruns and
could keep the genuine host MAC entries out of the MAC table.

I guess many vendors have a similar timer strategy. Just configure the MAC age
timer to be higher than the ARP timeout timer.

Thanks,

On Mon, Dec 11, 2017 at 8:27 AM, Karl Gerhard <karl_gerh at gmx.at> wrote:

> Hello
>
> by default
> ARP table entries will be saved for 20 minutes and
> MAC table entries will be saved for 5 minutes.
>
> This seems to be a rather stupid default to me since expired MAC table
> entries (in conjunction with still existing ARP table entries) will cause
> Unknown Unicast packets to be flooded. We've been bitten by this because we
> did VRRP between two routers and two switches and traffic flow was
> asymmetric so one switch forgot the MAC addresses and flooded Unknown
> Unicasts.
>
> Is there a logic behind those defaults or am I right to assume that MAC
> table timers should /always/ be higher than ARP table timers?
>
> Links to the docs:
> https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/configuring-arp-aging-timer.html
> https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/mac-table-aging-time-bridging.html
>
> Regards
> Karl
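Added example, not part of either message and not Juniper code: a toy Python model of the trade-off discussed in this thread, counting unknown-unicast flooding when the MAC age is below the ARP timeout, and MAC table occupancy under a flood of random source MACs. It assumes the switch sees the host's MAC only in replies to the router's ARP refresh; the `simulate` function, the one-frame-per-second rate, the flood rate and the table capacity are constructed for illustration.

```python
"""Toy model of one switch on an asymmetric path (constructed example).

Assumption: the switch sees the host's MAC as a source address only when the
host answers the router's ARP refresh; all other host traffic takes the other
switch. The router sends one frame per second toward the host.
"""
HOST = "host"  # placeholder for the real host's MAC address


def simulate(arp_timeout, mac_age, duration, flood_rate=0, capacity=8192):
    """Return (flooded, forwarded, peak_entries, overruns); times in seconds."""
    table = {}  # MAC -> time it was last seen as a source address
    arp_learned = None
    flooded = forwarded = peak = overruns = fake_id = 0
    for t in range(duration):
        # Age out entries not seen as a source for mac_age seconds.
        table = {m: seen for m, seen in table.items() if t - seen < mac_age}
        # Constructed flood: flood_rate previously unseen source MACs per second.
        for _ in range(flood_rate):
            if len(table) < capacity:
                table[f"fake-{fake_id}"] = t
            else:
                overruns += 1  # table full: this source cannot be learned
            fake_id += 1
        # Router re-resolves the host when its ARP entry expires; the reply is
        # the only chance for the switch to (re)learn the host's MAC.
        if arp_learned is None or t - arp_learned >= arp_timeout:
            arp_learned = t
            if HOST in table or len(table) < capacity:
                table[HOST] = t
            else:
                overruns += 1
        peak = max(peak, len(table))
        # Data frame router -> host: unknown destination MAC means flooding.
        if HOST in table:
            forwarded += 1
        else:
            flooded += 1
    return flooded, forwarded, peak, overruns


if __name__ == "__main__":
    for mac_age in (300, 1500):  # 5 min default vs. above the 20 min ARP timer
        for rate in (0, 2):
            print(mac_age, rate, simulate(1200, mac_age, 3600, rate, 1000))
```

Every flooded frame is delivered to all ports in the VLAN, and every overrun is a source address the switch could not learn while the table was full.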

