Thursday 24 January 2013

ARP Timeout Value for Linux, Windows, Cisco 2960 and DELL Switch

ARP timeout


As per RFC 826

"https://tools.ietf.org/html/rfc826"

"It may be desirable to have table aging and/or timeouts.  The
implementation of these is outside the scope of this protocol."

So ARP timeouts are vendor dependent and can vary drastically from one vendor to another. Here is some information about ARP timeouts.

1) ARP timeout for Cisco 2960 switch

# show interfaces vlan 1
Vlan1 is up, line protocol is down
  Hardware is EtherSVI, address is 5897.1ec9.1040 (bia 5897.1ec9.1040)
  Internet address is 192.168.100.1/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:10:09, output 00:10:07, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     60274 packets input, 5100402 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     66629 packets output, 52011719 bytes, 0 underruns
     0 output errors, 3 interface resets
     0 output buffer failures, 0 output buffers swapped out

The default ARP timeout for a Cisco switch is 4 hrs.

It can be changed using the following command:


#configure
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line.  End with CNTL/Z.
cisco(config)#interface vlan 1
cisco(config-if)#arp timeout ?
  <0-2147483>  Seconds
cisco(config-if)#arp timeout 600



2) ARP timeout for DLINK switch


Default value for ARP timeout is 20 sec in DLINK switch.



# show arpentry
Command: show arpentry


ARP Aging Time : 20

Interface      IP Address       MAC Address        Type
-------------  ---------------  -----------------  ---------------
System         192.168.100.0      FF-FF-FF-FF-FF-FF  Local/Broadcast
System         192.168.100.167    00-1B-11-11-BD-41  Local
System         192.168.100.255    FF-FF-FF-FF-FF-FF  Local/Broadcast

Total Entries  : 3


Command to change the ARP entry timeout value in DLINK switch:

DES-3026:4#config arp_aging
Command: config arp_aging

Next possible completions:
        time

DES-3026:4#config arp_aging time
Command: config arp_aging time

Next possible completions:
        <value 0-65535>

DES-3026:4# config arp_aging time 600



3) Linux Fedora core 16

Default ARP timeout value in Linux is 60 sec.

It can be changed at /proc/sys/net/ipv4/neigh/eth1/gc_stale_time

The relevant settings, as described in the arp(7) man page listed in the references:

gc_stale_time (since Linux 2.2)
  Determines how often to check for stale neighbor entries. When a neighbor entry is considered stale, it is resolved again before sending data to it. Defaults to 60 seconds.

gc_thresh1 (since Linux 2.2)
  The minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. Defaults to 128.

gc_thresh2 (since Linux 2.2)
  The soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. Defaults to 512.

gc_thresh3 (since Linux 2.2)
  The hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. Defaults to 1024.

4) Windows

It was difficult to find information about XP. For Windows 2000 I got the following lines from the link given in the references.

Windows 2000 adjusts the size of the ARP cache automatically to meet the needs of
the system. If an entry is not used by any outgoing datagram for two minutes, the entry is
removed from the ARP cache. Entries that are being referenced are given additional time, in two minute increments,
up to a maximum lifetime of 10 minutes. After 10 minutes, the ARP cache entry is removed and must be rediscovered using
an ARP Request frame. To adjust the time an unreferenced entry can remain in the ARP cache, change the
value of the ArpCacheLife and ArpCacheMinReferencedLife registry entries
(HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters).


So the default value appears to be 2 min.


5) For Brocade switch the default value is 10 min.

Command to enable aging time:

ip arp-aging-timeout value
no ip arp-aging-timeout


The ARP ageing time is different from the MAC bridge learning time or the MAC table time. If there is a mismatch between the MAC bridge learning table time and the ARP ageing time, it can result in unicast flooding. So normally it is better if the ARP ageing time is less than the bridge learning table time (in Linux this value is 300 sec, or 5 min, and can be seen using the brctl command).
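A sketch of that check (an added example, not from the original post): it reads the ARP timeout out of "show interfaces" text like the Cisco output above and compares it with a MAC table aging time supplied by the caller. The function names, the trimmed sample and the 30-second margin are assumptions made for the example.

```python
import re

# Constructed sample: trimmed from the "show interfaces vlan 1" output above.
CISCO_SHOW_INTERFACE = """\
Vlan1 is up, line protocol is down
  Internet address is 192.168.100.1/24
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
"""

ARP_TIMEOUT_RANGE = (0, 2147483)  # "<0-2147483>  Seconds" from the CLI help above


def parse_cisco_arp_timeout(show_output):
    """Return (interface, seconds) from 'show interfaces' text."""
    name = re.match(r"(\S+) is ", show_output)
    field = re.search(r"ARP Timeout (\d+):(\d\d):(\d\d)", show_output)
    if not name or not field:
        raise ValueError("no interface name or ARP Timeout field found")
    hours, minutes, seconds = (int(x) for x in field.groups())
    return name.group(1), hours * 3600 + minutes * 60 + seconds


def flood_window(arp_timeout, mac_aging):
    """Seconds in which a silent host still has an ARP entry but no MAC table
    entry, so frames sent to it are flooded to every port in the VLAN."""
    return max(0, arp_timeout - mac_aging)


def audit(show_output, mac_aging, margin=30):
    """Compare an interface's ARP timeout with the MAC aging time (seconds).

    margin (assumed default) is how far below the MAC aging time the
    suggested ARP timeout is placed.
    """
    interface, arp_timeout = parse_cisco_arp_timeout(show_output)
    window = flood_window(arp_timeout, mac_aging)
    result = {"interface": interface, "arp_timeout": arp_timeout,
              "flood_window": window, "fix": []}
    if window:
        low, high = ARP_TIMEOUT_RANGE
        # 0 is skipped: on IOS it means ARP entries never age out.
        target = min(max(mac_aging - margin, low + 1), high)
        result["fix"] = [f"interface {interface}", f"arp timeout {target}"]
    return result


if __name__ == "__main__":
    # 300 s is the bridge aging time the post quotes for Linux.
    print(audit(CISCO_SHOW_INTERFACE, mac_aging=300))
```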

References:


http://linux.die.net/man/7/arp
https://tools.ietf.org/html/rfc826
http://thetechfirm.com/packets/ARP.pdf
http://www.brocade.com/downloads/documents/html_product_manuals/NOS_CLI_301/wwhelp/wwhimpl/common/html/wwhelp.htm#href=commands_a_z.4.172.html&single=true


ARP table and MAC table discussions

https://learningnetwork.cisco.com/thread/44041

https://learningnetwork.cisco.com/thread/2450