Provider standard ARP Timeout?

2012-08-10 Thread Jay Nakamura
Cisco default ARP timeout is 4 hours.  Does anyone change that to
something shorter in a provider environment for customer with Ethernet
connectivity?  What is a good value to set it to?

Are there any impacts for lowering the timeout?  Other than higher CPU
util for doing ARP a lot more on the router?



Re: Provider standard ARP Timeout?

2012-08-10 Thread Saxon Jones
I regularly used to lower the ARP timeout to 5 minutes (to match the
mac-address-table aging limit) on devices running on ATM LAN-E segments and
saw no ill effects.

-saxon

On 10 August 2012 08:23, Jay Nakamura zeusda...@gmail.com wrote:

> Cisco default ARP timeout is 4 hours.  Does anyone change that to
> something shorter in a provider environment for customer with Ethernet
> connectivity?  What is a good value to set it to?
>
> Are there any impacts for lowering the timeout?  Other than higher CPU
> util for doing ARP a lot more on the router?




Re: Provider standard ARP Timeout?

2012-08-10 Thread Saku Ytti
On (2012-08-10 10:23 -0400), Jay Nakamura wrote:

> Cisco default ARP timeout is 4 hours.  Does anyone change that to
> something shorter in a provider environment for customer with Ethernet
> connectivity?  What is a good value to set it to?

Maximum value should be your L2 MAC timeout. Most other vendors use low
limits these days (linux, junos come to mind).
So 300s max really.

If ARP timeout is higher than L2 MAC timeout you can cause loops in
an otherwise correctly configured network.

-- 
  ++ytti



Re: Provider standard ARP Timeout?

2012-08-10 Thread Shahab Vahabzadeh
I am using arp-timeout 900 (means 15min), because of having problems with
my upstream ethernet connection and everything is ok, and I have not seen
any relation between MAC Address aging time and that, aging time is default
300sec for me ;)
Thanks

On Fri, Aug 10, 2012 at 6:53 PM, Jay Nakamura zeusda...@gmail.com wrote:

> Cisco default ARP timeout is 4 hours.  Does anyone change that to
> something shorter in a provider environment for customer with Ethernet
> connectivity?  What is a good value to set it to?
>
> Are there any impacts for lowering the timeout?  Other than higher CPU
> util for doing ARP a lot more on the router?




-- 
Regards,
Shahab Vahabzadeh, Network Engineer and System Administrator

Cell Phone: +1 (415) 871 0742
PGP Key Fingerprint = 8E34 B335 D702 0CA7 5A81  C2EE 76A2 46C2 5367 BF90


Re: Provider standard ARP Timeout?

2012-08-10 Thread Blake Hudson

Saku Ytti wrote the following on 8/10/2012 10:27 AM:

> On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
>
>> Cisco default ARP timeout is 4 hours.  Does anyone change that to
>> something shorter in a provider environment for customer with Ethernet
>> connectivity?  What is a good value to set it to?
>
> Maximum value should be your L2 MAC timeout. Most other vendors use low
> limits these days (linux, junos come to mind).
> So 300s max really.
>
> If ARP timeout is higher than L2 MAC timeout you can cause loops in
> an otherwise correctly configured network.



I haven't seen loops, but have seen unicast floods when the MAC address 
times out for a host that receives data, but does not transmit it (hence 
the switch often forgets the MAC for the device). On Cisco gear I found 
it simpler to increase the mac address timeout to match the ARP timeout 
because the MAC timeout is a global command and the ARP timeout was a 
per interface command. IIRC, Cisco recommends the two match under 
certain setups - VRRP/HSRP comes to mind. I would think that a matched 
setup would always be ideal, with shorter timeouts for networks that 
encounter more instability or user movement.


--Blake
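
A check for the timer mismatch discussed in this thread, added here as an example and not posted by any list member. It assumes IOS-style configuration text containing only the global `mac address-table aging-time` and per-interface `arp timeout` lines; the names `SAMPLE_CONFIG`, `audit_timers` and `mismatched` are hypothetical, and the exposure figure is a simplified model of a host that receives but never transmits.

```python
import re

# Defaults as stated in the thread: ARP timeout 4 hours, MAC aging 300 s.
DEFAULT_ARP_TIMEOUT = 4 * 3600
DEFAULT_MAC_AGING = 300

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
mac address-table aging-time 300
!
interface GigabitEthernet0/1
 description customer-a
 arp timeout 300
!
interface GigabitEthernet0/2
 description customer-b
!
interface Vlan100
 description upstream
 arp timeout 900
"""

def audit_timers(config):
    """Return (mac_aging, {interface: exposure_seconds}).

    Exposure is how long an ARP entry can outlive the MAC-table entry of a
    host that receives but never transmits (simplified model): during that
    time the switch may flood frames sent to it as unknown unicast.
    """
    mac_aging = DEFAULT_MAC_AGING
    arp_timeouts = {}
    current = None
    for line in config.splitlines():
        if m := re.match(r"mac[ -]address-table aging-time (\d+)\s*$", line):
            mac_aging = int(m.group(1))          # global command
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            arp_timeouts[current] = DEFAULT_ARP_TIMEOUT
        elif not line.startswith(" "):
            current = None                       # left interface context
        elif current and (m := re.match(r"\s+arp timeout (\d+)\s*$", line)):
            arp_timeouts[current] = int(m.group(1))  # per-interface command
    return mac_aging, {i: max(0, t - mac_aging) for i, t in arp_timeouts.items()}

def mismatched(config):
    """Interfaces whose ARP timeout exceeds the MAC aging time, worst first."""
    _, exposure = audit_timers(config)
    return sorted((i for i, s in exposure.items() if s > 0),
                  key=lambda i: -exposure[i])

if __name__ == "__main__":
    for name in mismatched(SAMPLE_CONFIG):
        print(name)
```

An interface with no `arp timeout` line is reported at the 4-hour default, which is why `GigabitEthernet0/2` ranks worst in the sample.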



Re: Provider standard ARP Timeout?

2012-08-10 Thread Randy


--- On Fri, 8/10/12, Blake Hudson bl...@ispn.net wrote:

> From: Blake Hudson bl...@ispn.net
> Subject: Re: Provider standard ARP Timeout?
> To: nanog@nanog.org
> Date: Friday, August 10, 2012, 1:03 PM
>
> Saku Ytti wrote the following on 8/10/2012 10:27 AM:
>> On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
>>
>>> Cisco default ARP timeout is 4 hours.  Does anyone change that to
>>> something shorter in a provider environment for customer with Ethernet
>>> connectivity?  What is a good value to set it to?
>>
>> Maximum value should be your L2 MAC timeout. Most other vendors use low
>> limits these days (linux, junos come to mind).
>> So 300s max really.
>>
>> If ARP timeout is higher than L2 MAC timeout you can cause loops in
>> an otherwise correctly configured network.
>
> I haven't seen loops, but have seen unicast floods when the MAC address
> times out for a host that receives data, but does not transmit it (hence
> the switch often forgets the MAC for the device). On Cisco gear I found
> it simpler to increase the mac address timeout to match the ARP timeout
> because the MAC timeout is a global command and the ARP timeout was a
> per interface command. IIRC, Cisco recommends the two match under
> certain setups - VRRP/HSRP comes to mind. I would think that a matched
> setup would always be ideal, with shorter timeouts for networks that
> encounter more instability or user movement.
>
> --Blake


IMO, it is a balancing act (topology/traffic dependent): ARP broadcasts vs.
unknown-unicast floods.

In some cases I have lowered arp-timeout to match mac-ageing (8 mins with DFC,
and default 5 for non-DFC - Cisco speak). In other cases, increasing mac-ageing
to match arp-ageing - 4 hrs.
./Randy