Home page logo

nanog logo nanog mailing list archives

Re: Provider standard ARP Timeout?
From: Randy <randy_94108 () yahoo com>
Date: Fri, 10 Aug 2012 14:14:24 -0700 (PDT)

--- On Fri, 8/10/12, Blake Hudson <blake () ispn net> wrote:

From: Blake Hudson <blake () ispn net>
Subject: Re: Provider standard ARP Timeout?
To: nanog () nanog org
Date: Friday, August 10, 2012, 1:03 PM
Saku Ytti wrote the following on
8/10/2012 10:27 AM:
On (2012-08-10 10:23 -0400), Jay Nakamura wrote:

Cisco default ARP timeout is 4 hours.  Do
anyone change that to
something shorter in a provider environment for
customer with Ethernet
connectivity?  What is a good value to set it
Maximum value should be your L2 MAC timeout. Most other
vendors use low
limits these days (linux, junos come to mind).
So 300s max really.

If ARP timeout is higher than L2 MAC timeout you can
cause loops in
otherwise correctly configured network.

I haven't seen loops, but have seen unicast floods when the
MAC address times out for a host that receives data, but
does not transmit it (hence the switch often forgets the MAC
for the device). On Cisco gear I found it simpler to
increase the mac address timeout to match the ARP timeout
because the MAC timeout is a global command and the ARP
timeout was a per interface command. IIRC, Cisco recommends
the two match under certain setups - VRRP/HSRP comes to
mind. I would think that a matched setup would always be
ideal, with shorter timeouts for networks that encounter
more instability or user movement.


IMO, it is a balancing-act(topology/traffic dependant) arp-broadcasts v/s unknown-unicast-floods.

In some cases I have lowered arp-timeout to match mac-ageing (8mins with dfc, and default 5 for non-dfc - cisco speak) 
In other cases, increasing mac-ageing to match arp-ageing - 4 hrs.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]