Firewall Wizards mailing list archives

Re: Linux ARPD -- neighbor table overflow


From: Chris Doyle <umaro () narshe net>
Date: Thu, 18 Mar 2004 18:17:55 -0800

I have had the same kinds of problems, but on a Linux router routing about 3 class Cs or more. It was a quick hack,
but I just put this in my startup scripts:

echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

which doesn't actually fix the problem, it just makes the threshold higher.

I haven't noticed any slowdown because of the higher threshold, though.

I would certainly be interested in any actual fix, but this worked for me.

Cheers
Chris Doyle

On Thu, 18 Mar 2004 17:12:07 -0600
"Jeff Adam" <jadam () seark edu> wrote:

I have run into a problem recently with arp table size limitation in the Linux kernel.


A bit of history

I have been using the same box as a firewall for the past couple of years and it has performed flawlessly (Linux 2.4 /
iptables), but every couple of months the number of nodes on the LAN increases by 20 to 60, usually on the high end of
that range. We are already beyond 500 computers, approaching 600, with plans to add 40 to 60 additional computers
already being discussed. We have recently developed a problem with neighbor table overflows on the firewall during
peak hours.

I believe I have the problem repaired: I recompiled the kernel with arpd support and netlink, installed arpd, and
made some changes in /proc.

Some other issues developed with arpd that were unexpected.

The problem is that all of the documentation I found on arpd was rather dated, including one written in 2001 that claimed
the package (arpd) was far beyond abandoned by the upstream maintainer. I'm sure networks with more than 256 nodes are
not that uncommon. My question is: what experiences have other readers of the list had with this issue, and what other
solutions are there besides arpd for this issue?
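
An added example, not part of either message above: a small check that compares the number of entries in /proc/net/arp with the gc_thresh2 (soft) and gc_thresh3 (hard) limits discussed in this thread, so the table can be watched before the kernel starts logging overflows. The function names, the status words and the sample data (600 hosts against thresholds of 128/512/1024) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the ARP (IPv4 neighbor) entry count with the gc_thresh limits.
# neigh_check [ARP_FILE] [THRESH_DIR]  ->  prints "<entries> <gc_thresh3> <state>"
#   state: ok   (below gc_thresh2)
#          soft (at or above gc_thresh2, garbage collection gets aggressive)
#          hard (at or above gc_thresh3, new entries can be refused)
neigh_check() {
    arp_file=${1:-/proc/net/arp}
    dir=${2:-/proc/sys/net/ipv4/neigh/default}
    # The first line of /proc/net/arp is the column header; each other line is one entry.
    entries=$(awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$arp_file") || return 2
    t2=$(cat "$dir/gc_thresh2") || return 2
    t3=$(cat "$dir/gc_thresh3") || return 2
    if [ "$entries" -ge "$t3" ]; then state=hard
    elif [ "$entries" -ge "$t2" ]; then state=soft
    else state=ok
    fi
    echo "$entries $t3 $state"
}

# Constructed sample data so the check can be tried without touching a live router.
# make_sample DIR ENTRY_COUNT writes DIR/arp and DIR/neigh/gc_thresh{1,2,3}.
make_sample() {
    mkdir -p "$1/neigh"
    echo 128  > "$1/neigh/gc_thresh1"
    echo 512  > "$1/neigh/gc_thresh2"
    echo 1024 > "$1/neigh/gc_thresh3"
    {
        echo "IP address       HW type     Flags       HW address            Mask     Device"
        i=1
        while [ "$i" -le "$2" ]; do
            printf '10.0.%d.%d 0x1 0x2 02:00:00:00:%02x:%02x * eth0\n' \
                $((i / 250)) $((i % 250 + 1)) $((i / 250)) $((i % 250))
            i=$((i + 1))
        done
    } > "$1/arp"
}

demo=$(mktemp -d)
make_sample "$demo" 600                  # roughly the LAN size described in the thread
neigh_check "$demo/arp" "$demo/neigh"    # prints: 600 1024 soft
rm -rf "$demo"
```

Called with no arguments, neigh_check reads the live /proc paths, so it can be run from cron and alerted on when the state is anything other than ok.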
