[FROG] Where do those massive ARP tables come from?
Bernd
bernd at kroenchenstadt.de
Thu Jul 11 08:15:47 EDT 2019
On 2019-07-11 13:39, Don Slice wrote:
> Any chance you have a default route pointing to a local interface, or
> have an invalid onlink route making it think destinations are local
> when they're not? What does your config and routing table look like?
> Are all the extraneous arps pointing out the same interface?
Thanks a lot, Don! Your first thought was the perfect match.
The machines indeed had (for whatever historical reasons) a static route
pointed onto themselves. After removing it, the switch CPU load dropped
massively (from about 85% to less than 40%).
I assume the blackhole never was hit by traffic that was meant to be
sent there?
Now:
funny_hostname# sh ip route a.b.c.d
Routing entry for 0.0.0.0/0
Known via "ospf", distance 110, metric 190, best
Last update 00:26:58 ago
* n.o.p.q, via bond1.310
Routing entry for 0.0.0.0/0
Known via "static", distance 240, metric 0
Last update 1d00h53m ago
unreachable (blackhole)
Best
Bernd
> On Thu, Jul 11, 2019 at 3:54 AM Bernd <bernd at kroenchenstadt.de> wrote:
>
>> Hi list,
>>
>> I have a bunch of three routers running in a project, let's call
>> them A, B and C. They connect to multiple AS upstream and
>> internally via OSPF and RIPng.
>>
>> While B is based on an (ancient) Ubuntu 12.04.5 and (also ancient)
>> Quagga (0.99.20.1), A and C run very recent CentOS 7 and FRR 6.0.2.
>>
>> B performs perfectly, while A and C put massive pressure on some
>> Cisco switches they're connected to (OSPF and RIPng): They're
>> sending about 2k ARP requests per second each.
>>
>> Looking at the ARP table (``ip nei show'') of A and C, I see about
>> 20k entries, almost all of them in nud "FAIL" (unreachable). Most
>> of them are IPs within the customer's AS (this is VLAN310 in the
>> graphs attached), but some are random public IPv4 addresses.
>>
>> I did compare all sysctl settings to no avail, they're all set in a
>> sane and safe manner. Every daemon not needed or adding not
>> necessary complexity (like NetworkManager) is disabled and not
>> running on A and C.
>> ARP flux can be ruled out, too.
>>
>> Any idea what is going on here?
>>
>> Best
>>
>> Bernd
>
> --
>
> Don Slice
> Cumulus Networks
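
Added example, not part of the original thread: a check for the symptom discussed above, where a route pointing at a local interface makes the kernel ARP for destinations that are not on-link. It counts, per interface, the FAILED neighbor entries whose address lies outside every prefix configured on that interface. The function names are hypothetical and the `ip` outputs are constructed samples using documentation addresses; on a live router, feed it the output of `ip -o -4 addr show` and `ip -4 neigh show`.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ip -o -4 addr show` output (documentation addresses).
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
3: bond1.310    inet 192.0.2.10/24 brd 192.0.2.255 scope global bond1.310\\       valid_lft forever preferred_lft forever
4: bond1.320    inet 198.51.100.1/25 brd 198.51.100.127 scope global bond1.320\\       valid_lft forever preferred_lft forever
"""

# Constructed sample of `ip -4 neigh show` output.
SAMPLE_NEIGH = """\
192.0.2.1 dev bond1.310 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.77 dev bond1.310  FAILED
203.0.113.5 dev bond1.310  FAILED
203.0.113.9 dev bond1.310  FAILED
198.51.100.200 dev bond1.320  FAILED
198.51.100.20 dev bond1.320 lladdr 00:00:5e:00:53:02 STALE
"""

def connected_prefixes(addr_text):
    """Map interface name -> list of directly connected IPv4 networks."""
    nets = {}
    for line in addr_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet":
            dev = f[1].split("@")[0]  # drop a possible "@parent" suffix
            nets.setdefault(dev, []).append(ipaddress.ip_interface(f[3]).network)
    return nets

def offlink_failed(neigh_text, addr_text):
    """Return (per-interface count, [(ip, dev)]) of FAILED entries that are
    not covered by any prefix configured on the interface they resolve on."""
    nets = connected_prefixes(addr_text)
    hits = []
    for line in neigh_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[1] != "dev" or f[-1] != "FAILED":
            continue
        ip, dev = ipaddress.ip_address(f[0]), f[2]
        if ip.version == 4 and not any(ip in n for n in nets.get(dev, [])):
            hits.append((str(ip), dev))
    return Counter(dev for _, dev in hits), hits

if __name__ == "__main__":
    counts, hits = offlink_failed(SAMPLE_NEIGH, SAMPLE_ADDR)
    for dev, n in counts.most_common():
        print(f"{dev}: {n} off-link FAILED neighbor entries")
```

A FAILED entry inside a connected prefix (192.0.2.77 in the sample) is an ordinary unanswered ARP and is not counted; a large off-link count on one interface points at the route to inspect.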