From: Blake Hudson <blake () ispn net>
Subject: Re: Provider standard ARP Timeout?
To: nanog () nanog org
Date: Friday, August 10, 2012, 1:03 PM
Saku Ytti wrote the following on
8/10/2012 10:27 AM:
On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
Cisco default ARP timeout is 4 hours. Do
anyone change that to
something shorter in a provider environment for
customer with Ethernet
connectivity? What is a good value to set it
Maximum value should be your L2 MAC timeout. Most other
vendors use low
limits these days (linux, junos come to mind).
So 300s max really.
If ARP timeout is higher than L2 MAC timeout you can
cause loops in
otherwise correctly configured network.
I haven't seen loops, but have seen unicast floods when the
MAC address times out for a host that receives data, but
does not transmit it (hence the switch often forgets the MAC
for the device). On Cisco gear I found it simpler to
increase the mac address timeout to match the ARP timeout
because the MAC timeout is a global command and the ARP
timeout was a per interface command. IIRC, Cisco recommends
the two match under certain setups - VRRP/HSRP comes to
mind. I would think that a matched setup would always be
ideal, with shorter timeouts for networks that encounter
more instability or user movement.