[FROG] Where do those massive ARP tables come from?

Don Slice dslice at cumulusnetworks.com
Thu Jul 11 07:39:11 EDT 2019

Any chance you have a default route pointing to a local interface, or have
an invalid onlink route making it think destinations are local when they're
not?  What does you config and routing table look like?  Are all the
extraneous arps pointing out the same interface?

On Thu, Jul 11, 2019 at 3:54 AM Bernd <bernd at kroenchenstadt.de> wrote:

> Hi list,
> I have a bunch of three routers running in a project, let's call them A,
> B and C. They connect to multiple AS upstream and internally via OSPF
> and RIPng.
> While B is based on an (ancient) Ubuntu 12.04.5 and (also ancient)
> Quagga (, A and C run very recent CentOS 7 and FRR 6.0.2.
> B performs perfectly, while A and C put massive pressure on some Cisco
> switches they're connected to (OSPF and RIPng): They're sending about 2k
> ARP requests per second each.
> Looking at the ARP table (``ip nei show'') of A and C, I see about 20k
> entries, almost all of them in nud "FAIL" (unreachable). Most of them
> are IPs within the customer's AS (this is VLAN310 in the graphs
> attached), but some are random public IPv4 addresses.
> I did compare all sysctl settings to no avail, they're all set in a sane
> and safe manner. Every daemon not needed or adding not necessary
> complexity (like NetworkManager) is disabled and not running on A and C.
> ARP flux can be ruled out, too.
> Any idea what is going on here?
> Best
> Bernd_______________________________________________
> frog mailing list
> frog at lists.frrouting.org
> https://lists.frrouting.org/listinfo/frog

Don Slice
Cumulus Networks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20190711/a8ce3b0b/attachment.html>

More information about the frog mailing list