Firewall Wizards mailing list archives
Re: Linux ARPD -- neighbor table overflow
From: Chris Doyle <umaro () narshe net>
Date: Thu, 18 Mar 2004 18:17:55 -0800
I have had the same kinds of problems, but on a linux router routing about 3 class Cs or more.. It was a quick hack, but I just put this in my startup scripts: echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh2 echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 which doesn't actually fix the problem, it just makes the treshhold higher. I haven't noticed any slowdown because of the higher threshhold, though. I would certainly be interested in any actual fix, but this worked for me. Cheers Chris Doyle On Thu, 18 Mar 2004 17:12:07 -0600 "Jeff Adam" <jadam () seark edu> wrote:
I have run into a problem recently with arp table size limitation in the Linux kernel. A bit of History I have been using the same box as a firewall for past couple of years and it has performed flawlessly Linux 2.4 / iptables but every couple of months the number of nodes on the LAN increases by 20 to 60 usually on the high end of that range we are already beyond 500 computers approaching 600 with plans to add 40 to 60 additional computers already being discussed. We have recently developed a problem with neighbor table overflows on the firewall during peak hours. I believe I have the problem repaired I recompiled the kernel with arpd support and netlink and installed arpd and made some changes in /proc Some other issues developed with arpd that were unexpected the problem is all of the documentation I found on arpd was rather dated including one written in 2001 that claimed the package (arpd) was far beyond abandoned by the upstream maintainer. im sure networks with more than 256 nodes are not that uncommon. My question is what experiences have other readers of the list had with this issue and what other solutions are there besides arpd for this issue.
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Linux ARPD -- neighbor table overflow Jeff Adam (Mar 18)
- Re: Linux ARPD -- neighbor table overflow Chris Doyle (Mar 18)
- Re: Linux ARPD -- neighbor table overflow Paul D. Robertson (Mar 18)