Re: Arp Cache issue



On 07/13/2011 03:34 PM, brian irvin wrote:
We are using the bnx2 driver. We are getting outages when the arp table fills up, and unless we flush the table, network connectivity is an issue.

more ifcfg-bond0
DEVICE=bond0
BONDING_OPTS="mode=1 miimon=500 primary=eth4"


Thanks

Brian

Assuming that you obviously update the system via RHN to have the latest and the greatest, I would check to see if your switch ports are configured in some sort of peculiar mode. If the rest of the boxes you run have a smaller arp table, then the switch port might be throwing a lot of traffic because, for example, it might be in SPAN mode, throwing all the traffic on the VLAN, when it does not need to be.

Failing that, if you have a large VLAN and more than 1000 clients on it, depending on the class of your subnet, you can tune the following ARP/IP kernel parameters:

sysctl -a | grep -i thresh

Have a look at this document:

http://www.clusterresources.com/torquedocs21/a.flargeclusters.shtml

which suggests amongst other things ARP flush parameters to put under /etc/sysctl.conf

/etc/sysctl.conf

# Don't allow the arp table to become bigger than this
net.ipv4.neigh.default.gc_thresh3 = 4096
# Tell the gc when to become aggressive with arp table cleaning.
# Adjust this based on size of the LAN.
net.ipv4.neigh.default.gc_thresh2 = 2048
# Adjust where the gc will leave arp table alone
net.ipv4.neigh.default.gc_thresh1 = 1024
# Adjust to arp table gc to clean-up more often
net.ipv4.neigh.default.gc_interval = 3600
# ARP cache entry timeout
net.ipv4.neigh.default.gc_stale_time = 3600


--
George Magklaras PhD
RHCE no: 805008309135525

Senior Systems Engineer/IT Manager
Biotek Center, University of Oslo
EMBnet TMPC Chair

http://folk.uio.no/georgios

Tel: +47 22840535

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
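The following shell script is an added example for readers of this thread; it is not code from the thread, from Red Hat, or from the Torque document linked above. It classifies the size of the IPv4 neighbour (ARP) table against the three gc_thresh sysctls George lists, using the kernel's documented semantics (below gc_thresh1 the gc leaves the table alone, above gc_thresh2 it becomes aggressive, at gc_thresh3 new entries are refused and the kernel logs a table overflow), and it counts overflow messages in kernel log lines, which is the symptom behind the outage Brian describes. The `ip -4 neigh show` output and the log lines embedded in it are constructed samples, and the function names (`count_neigh_entries`, `neigh_pressure`, `overflow_events`, `live_check`) are the example's own.

```shell
#!/bin/sh
# Added example: gauge pressure on the IPv4 neighbour (ARP) table against the
# gc_thresh* sysctls discussed in the thread. All sample data below is
# constructed for the example; live_check() is the only part that touches the
# running system and it is not called automatically.

# Constructed sample of `ip -4 neigh show` output.
SAMPLE_NEIGH='10.0.0.1 dev bond0 lladdr 00:11:22:33:44:55 REACHABLE
10.0.0.2 dev bond0 lladdr 00:11:22:33:44:56 STALE
10.0.0.3 dev bond0 FAILED
10.0.0.4 dev bond0 lladdr 00:11:22:33:44:58 DELAY
10.0.0.5 dev bond0 INCOMPLETE
10.0.0.254 dev bond0 lladdr 00:11:22:33:44:fe PERMANENT'

# Constructed sample of kernel log lines. Older kernels print
# "Neighbour table overflow.", newer ones "neighbour: arp_cache: neighbor table overflow!".
SAMPLE_LOG='Jul 13 15:20:01 host kernel: neighbour: arp_cache: neighbor table overflow!
Jul 13 15:20:02 host kernel: Neighbour table overflow.
Jul 13 15:21:00 host kernel: bnx2: eth4 NIC Copper Link is Up, 1000 Mbps full duplex'

# count_neigh_entries <neigh-output>
# Counts the entries that count against gc_thresh3: everything except PERMANENT.
# FAILED and INCOMPLETE entries still occupy a slot until the gc removes them.
count_neigh_entries() {
    printf '%s\n' "$1" | awk 'NF && $NF != "PERMANENT" { n++ } END { print n + 0 }'
}

# neigh_pressure <count> <gc_thresh1> <gc_thresh2> <gc_thresh3>
# Maps the entry count onto the kernel's gc behaviour:
#   ok            below gc_thresh1: the gc leaves the table alone
#   gc_active     between gc_thresh1 and gc_thresh2: periodic gc runs
#   aggressive    at or above gc_thresh2: entries older than 5 s are reclaimed
#                 while the table stays this large
#   overflow_risk at or above gc_thresh3: new entries can be refused and the
#                 kernel logs a neighbour table overflow (the outage seen here)
neigh_pressure() {
    if [ "$1" -ge "$4" ]; then echo overflow_risk
    elif [ "$1" -ge "$3" ]; then echo aggressive
    elif [ "$1" -ge "$2" ]; then echo gc_active
    else echo ok
    fi
}

# overflow_events <log-text>
# Counts kernel messages reporting a neighbour table overflow (both spellings).
overflow_events() {
    printf '%s\n' "$1" | grep -ciE 'neighbou?r table overflow' || true
}

# live_check: run the same classification against the running system.
# Requires `ip` and `sysctl`; reads the "default" thresholds, which is what the
# /etc/sysctl.conf fragment in the thread sets.
live_check() {
    t1=$(sysctl -n net.ipv4.neigh.default.gc_thresh1)
    t2=$(sysctl -n net.ipv4.neigh.default.gc_thresh2)
    t3=$(sysctl -n net.ipv4.neigh.default.gc_thresh3)
    n=$(count_neigh_entries "$(ip -4 neigh show)")
    echo "ipv4 neigh entries: $n (thresholds $t1/$t2/$t3) -> $(neigh_pressure "$n" "$t1" "$t2" "$t3")"
}

# Demonstration on the constructed data, using the thresholds from the thread.
n=$(count_neigh_entries "$SAMPLE_NEIGH")
echo "sample table: $n entries -> $(neigh_pressure "$n" 1024 2048 4096)"
echo "overflow messages in sample log: $(overflow_events "$SAMPLE_LOG")"
```

On a live box, `live_check` gives the same classification for the real table; if it reports `aggressive` or `overflow_risk` while `overflow_events "$(dmesg)"` is non-zero, the table is simply too small for the segment and raising gc_thresh2/gc_thresh3 in /etc/sysctl.conf is the right fix. If the count is modest but the box still logs overflows, the switch-side explanation (SPAN or a flood of traffic from other VLANs) is the more likely cause.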
