[FROG] Where do those massive ARP tables come from?

Bernd bernd at kroenchenstadt.de
Thu Jul 11 03:53:33 EDT 2019 

Hi list,

I have a bunch of three routers running in a project, let's call them A, 
B and C. They connect to multiple AS upstream and internally via OSPF 
and RIPng.

While B is based on an (ancient) Ubuntu 12.04.5 and (also ancient) 
Quagga (0.99.20.1), A and C run very recent CentOS 7 and FRR 6.0.2.

B performs perfectly, while A and C put massive pressure on some Cisco 
switches they're connected to (OSPF and RIPng): They're sending about 2k 
ARP requests per second each.

Looking at the ARP table (``ip nei show'') of A and C, I see about 20k 
entries, almost all of them in nud "FAIL" (unreachable). Most of them 
are IPs within the customer's AS (this is VLAN310 in the graphs 
attached), but some are random public IPv4 addresses.

I did compare all sysctl settings to no avail, they're all set in a sane 
and safe manner. Every daemon not needed or adding not necessary 
complexity (like NetworkManager) is disabled and not running on A and C. 
ARP flux can be ruled out, too.

Any idea what is going on here?

Best

Bernd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: B_arp_nud_sh-day.png
Type: image/png
Size: 57310 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20190711/0ed9b22c/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: B_arp_if_sh-day.png
Type: image/png
Size: 58970 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20190711/0ed9b22c/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: C_arp_nud_sh-day.png
Type: image/png
Size: 32709 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20190711/0ed9b22c/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: C_arp_if_sh-day.png
Type: image/png
Size: 30648 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20190711/0ed9b22c/attachment-0007.png>

More information about the frog mailing list