--- On Fri, 8/10/12, Blake Hudson <[email protected]> wrote:

> From: Blake Hudson <[email protected]>
> Subject: Re: Provider standard ARP Timeout?
> To: [email protected]
> Date: Friday, August 10, 2012, 1:03 PM
>
> Saku Ytti wrote the following on 8/10/2012 10:27 AM:
> > On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
> >
> >> Cisco default ARP timeout is 4 hours. Does anyone change that to
> >> something shorter in a provider environment for customer with Ethernet
> >> connectivity? What is a good value to set it to?
> > Maximum value should be your L2 MAC timeout. Most other vendors use low
> > limits these days (linux, junos come to mind).
> > So 300s max really.
> >
> > If ARP timeout is higher than L2 MAC timeout you can cause loops in
> > otherwise correctly configured network.
> >
>
> I haven't seen loops, but have seen unicast floods when the
> MAC address times out for a host that receives data, but
> does not transmit it (hence the switch often forgets the MAC
> for the device). On Cisco gear I found it simpler to
> increase the mac address timeout to match the ARP timeout
> because the MAC timeout is a global command and the ARP
> timeout was a per interface command. IIRC, Cisco recommends
> the two match under certain setups - VRRP/HSRP comes to
> mind. I would think that a matched setup would always be
> ideal, with shorter timeouts for networks that encounter
> more instability or user movement.
>
> --Blake
>

IMO, it is a balancing act (topology/traffic dependent): arp-broadcasts vs. unknown-unicast-floods.

In some cases I have lowered arp-timeout to match mac-ageing (8 mins with dfc, and default 5 for non-dfc - cisco speak).

In other cases, increasing mac-ageing to match arp-ageing - 4 hrs.

./Randy
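
The timer mismatch discussed in this thread can be checked offline against a saved configuration. The script below is an added example, not code from any poster: it assumes IOS-style syntax (per-interface `arp timeout`, global `mac address-table aging-time`), the defaults quoted in the thread, and a constructed sample config; `audit_timers` is a hypothetical helper name.

```python
import re

# Cisco defaults cited in the thread: ARP timeout 4 hours, MAC aging 5 minutes.
DEFAULT_ARP_TIMEOUT = 4 * 3600
DEFAULT_MAC_AGING = 300

# Constructed sample configuration (addresses are documentation ranges).
SAMPLE = """\
mac address-table aging-time 300
!
interface Vlan10
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan20
 ip address 198.51.100.1 255.255.255.0
 arp timeout 300
!
interface GigabitEthernet0/1
 switchport access vlan 10
"""

def audit_timers(config_text):
    """Return (mac_aging, findings); findings lists routed interfaces whose
    ARP timeout outlives the global MAC aging time (unknown-unicast flood risk)."""
    mac_aging = DEFAULT_MAC_AGING
    ifaces = {}      # interface name -> {"arp": seconds, "routed": bool}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level line ends any interface block
            current = None
            m = re.match(r"mac[- ]address-table aging-time (\d+)$", line)
            if m:                            # global form only; per-VLAN form is ignored
                mac_aging = int(m.group(1))
            m = re.match(r"interface (\S+)$", line)
            if m:
                current = m.group(1)
                ifaces[current] = {"arp": DEFAULT_ARP_TIMEOUT, "routed": False}
        elif current:
            m = re.match(r"arp timeout (\d+)$", line)
            if m:
                ifaces[current]["arp"] = int(m.group(1))
            elif line.startswith("ip address "):
                ifaces[current]["routed"] = True   # ARP only matters on L3 interfaces
    if mac_aging == 0:                       # aging-time 0 disables MAC aging
        return mac_aging, []
    findings = [(name, i["arp"]) for name, i in ifaces.items()
                if i["routed"] and i["arp"] > mac_aging]
    return mac_aging, findings

if __name__ == "__main__":
    print(audit_timers(SAMPLE))
```

On the sample, only `Vlan10` is reported: it keeps the 4-hour ARP default while the switch forgets MAC addresses after 300 seconds.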

