[155471] in North American Network Operators' Group


Re: Provider standard ARP Timeout?

daemon@ATHENA.MIT.EDU (Randy)
Fri Aug 10 17:15:17 2012

Date: Fri, 10 Aug 2012 14:14:24 -0700 (PDT)
From: Randy <randy_94108@yahoo.com>
To: nanog@nanog.org, Blake Hudson <blake@ispn.net>
In-Reply-To: <502568F6.7020402@ispn.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org



--- On Fri, 8/10/12, Blake Hudson <blake@ispn.net> wrote:

> From: Blake Hudson <blake@ispn.net>
> Subject: Re: Provider standard ARP Timeout?
> To: nanog@nanog.org
> Date: Friday, August 10, 2012, 1:03 PM
> Saku Ytti wrote the following on 8/10/2012 10:27 AM:
> > On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
> >
> >> Cisco default ARP timeout is 4 hours.  Does anyone change that to
> >> something shorter in a provider environment for customers with Ethernet
> >> connectivity?  What is a good value to set it to?
> > Maximum value should be your L2 MAC timeout. Most other vendors use low
> > limits these days (linux, junos come to mind).
> > So 300s max really.
> >
> > If ARP timeout is higher than L2 MAC timeout you can cause loops in
> > an otherwise correctly configured network.
> >
>
> I haven't seen loops, but have seen unicast floods when the
> MAC address times out for a host that receives data, but
> does not transmit it (hence the switch often forgets the MAC
> for the device). On Cisco gear I found it simpler to
> increase the mac address timeout to match the ARP timeout
> because the MAC timeout is a global command and the ARP
> timeout was a per interface command. IIRC, Cisco recommends
> the two match under certain setups - VRRP/HSRP comes to
> mind. I would think that a matched setup would always be
> ideal, with shorter timeouts for networks that encounter
> more instability or user movement.
>
> --Blake
>


IMO, it is a balancing-act (topology/traffic dependent) arp-broadcasts v/s unknown-unicast-floods.

In some cases I have lowered arp-timeout to match mac-ageing (8mins with dfc, and default 5 for non-dfc - cisco speak). In other cases, increasing mac-ageing to match arp-ageing - 4 hrs.
./Randy
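
The trade-off discussed in this thread, as an added example that is not part of the original messages: a simplified Python model counting unknown-unicast floods against ARP requests for the timer values mentioned above. Flooded frames are copied to every port in the VLAN, so a mismatch is a traffic-exposure concern as well as a load concern. Assumptions: one router, one switch, a host that transmits only when answering ARP, one frame per second, and every re-resolution counted as one ARP request; `simulate` and its parameters are hypothetical names.

```python
# Added illustration: simplified model, not vendor behaviour.
# One router sends a frame every second to a host that never transmits
# except to answer ARP, through one switch (all names are hypothetical).

def simulate(arp_timeout, mac_aging, duration, frame_interval=1):
    """Return (flooded_frames, arp_requests) for the router -> host flow.

    arp_timeout: seconds the router keeps the host's ARP entry
    mac_aging:   seconds the switch keeps a MAC it has not seen as a source
    duration:    length of the simulated window in seconds
    """
    arp_learned = None  # when the router last resolved the host
    mac_seen = None     # when the switch last saw a frame sourced by the host
    flooded = arp_requests = 0

    for t in range(0, duration, frame_interval):
        # Router: (re-)resolve when the ARP entry is missing or expired.
        if arp_learned is None or t - arp_learned >= arp_timeout:
            arp_requests += 1
            arp_learned = t
            # The host's ARP reply is the only frame it ever sources,
            # so this is the only moment the switch relearns its MAC.
            mac_seen = t
        # Switch: an aged-out destination MAC means unknown-unicast
        # flooding, i.e. the frame is copied to every port in the VLAN.
        if t - mac_seen >= mac_aging:
            flooded += 1
    return flooded, arp_requests


if __name__ == "__main__":
    four_hours = 4 * 3600
    scenarios = [
        ("ARP 4h, MAC 300s (mismatched)", four_hours, 300),
        ("ARP 300s, MAC 300s (ARP lowered)", 300, 300),
        ("ARP 480s, MAC 480s (ARP lowered)", 480, 480),
        ("ARP 4h, MAC 4h (MAC raised)", four_hours, four_hours),
    ]
    for label, arp, mac in scenarios:
        flooded, requests = simulate(arp, mac, four_hours)
        print(f"{label:34} flooded={flooded:6} arp_requests={requests}")
```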





