[155470] in North American Network Operators' Group
Re: Provider standard ARP Timeout?
daemon@ATHENA.MIT.EDU (Blake Hudson)
Fri Aug 10 16:03:51 2012
Date: Fri, 10 Aug 2012 15:03:02 -0500
From: Blake Hudson <blake@ispn.net>
To: nanog@nanog.org
In-Reply-To: <20120810152739.GA30006@pob.ytti.fi>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Saku Ytti wrote the following on 8/10/2012 10:27 AM:
> On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
>
>> Cisco default ARP timeout is 4 hours. Does anyone change that to
>> something shorter in a provider environment for customer with Ethernet
>> connectivity? What is a good value to set it to?
> Maximum value should be your L2 MAC timeout. Most other vendors use low
> limits these days (Linux, Junos come to mind).
> So 300s max really.
>
> If ARP timeout is higher than L2 MAC timeout you can cause loops in
> otherwise correctly configured network.
>
I haven't seen loops, but have seen unicast floods when the MAC address
times out for a host that receives data, but does not transmit it (hence
the switch often forgets the MAC for the device). On Cisco gear I found
it simpler to increase the MAC address timeout to match the ARP timeout
because the MAC timeout is a global command and the ARP timeout was a
per-interface command. IIRC, Cisco recommends the two match under
certain setups - VRRP/HSRP comes to mind. I would think that a matched
setup would always be ideal, with shorter timeouts for networks that
encounter more instability or user movement.
--Blake
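
The timer mismatch discussed in this thread can be checked from a device configuration. The following is an added example, not part of the original message: a small audit that flags interfaces whose ARP timeout exceeds the global MAC aging time. It assumes IOS-style `arp timeout` and `mac address-table aging-time` lines, treats every interface stanza as a routed interface, uses a constructed sample configuration, and estimates flooding with a simplified model in which a silent host only refreshes the switch when the router re-ARPs.

```python
import re

ARP_DEFAULT = 14400   # Cisco default ARP timeout (4 hours), as stated in the thread
MAC_DEFAULT = 300     # assumed default MAC aging time, the 300 s figure in the thread

# Constructed sample configuration, not from a real device.
SAMPLE_CONFIG = """\
mac address-table aging-time 300
!
interface Vlan10
 description customer-a
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 description customer-b
 ip address 198.51.100.1 255.255.255.0
 arp timeout 300
!
interface Vlan30
 ip address 203.0.113.1 255.255.255.0
 arp timeout 1800
"""

def audit(config):
    """Return {interface: (arp_timeout, mac_aging, flood_fraction)} for mismatches."""
    mac_aging = MAC_DEFAULT
    arp = {}
    current = None
    for line in config.splitlines():
        m = re.match(r"mac[- ]address-table aging-time (\d+)$", line)
        if m:
            mac_aging = int(m.group(1))
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            arp[current] = ARP_DEFAULT          # no explicit setting means the default
        elif current and (m := re.match(r"\s+arp timeout (\d+)$", line)):
            arp[current] = int(m.group(1))
        elif not line.startswith(" "):
            current = None                      # left the interface stanza
    findings = {}
    for ifname, arp_t in arp.items():
        if mac_aging and arp_t > mac_aging:     # aging-time 0 disables aging
            # Silent host: the switch entry is refreshed only when the router re-ARPs,
            # so frames flood from mac_aging until the next ARP refresh.
            findings[ifname] = (arp_t, mac_aging, round((arp_t - mac_aging) / arp_t, 3))
    return findings

for name, finding in audit(SAMPLE_CONFIG).items():
    print(name, finding)
```

With the defaults left in place, the model puts a silent host's inbound traffic in the flooded state for roughly 98% of each ARP cycle, which is why the mismatch matters on shared customer segments.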