From: "Alex" <alex@hostingcenter.ro>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] arp flood (offtopic?)
Date: Wed, 19 Oct 2005 20:55:09 +0000 [thread overview]
Message-ID: <001501c5d4ef$645e2190$020c0c0a@admin> (raw)
In-Reply-To: <032b01c5d4bb$a8837ed0$020c0c0a@admin>
This is what I do to avoid "Neighbor table overflow" :
echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
I should mention that I don't get the message Neighbor table overflow, at
least with these settings, don't know with default.
Now the thing is that the load average goes up to 30 and the gateway doesn't
even respond to ping after a while.
The arp-requests are not only for ips that are assigned to hosts but even
for un-allocated ips in the same subnet.
Maybe dividing into multiple vlans would be a better idea?
Regards,
Alex
----- Original Message -----
From: "Marek Kierdelewicz" <marek@piasta.pl>
To: <lartc@mailman.ds9a.nl>
Sent: Wednesday, October 19, 2005 9:04 PM
Subject: Re: [LARTC] arp flood (offtopic?)
>> Hi guys,
>
> Hi
>
>>
>> Sorry if this is a little offtopic, but I was wandering what can one
>> do to prevent/stop arp flooding ?
>
> You can increase arp cache table size:
>
> echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
> echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
> echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
>
> It'll make your box handle arpfloods more easily (at least DoS part).
>
> You can also use static arp entries (man arp). This will ensure known
> computers will always have access to (throu) your router (even with
> arpflood in progress).
>
>
> Two solutions mentioned above cope with "Neighbour table overflow" and
> problems with accessibility to other legitimate users. They
> don't cope however with router's cpu utilisation...
>
> Hope that helps.
>
> Marek Kierdelewicz
> KoBa ISP
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>
> --
> This message has been scanned for viruses and
> dangerous content by LG-Network(http://www.lgnet.ro), and is
> believed to be clean.
>
>
--
This message has been scanned for viruses and
dangerous content by LG-Network(http://www.lgnet.ro), and is
believed to be clean.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2005-10-19 20:55 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-19 14:44 [LARTC] arp flood (offtopic?) Alex
2005-10-19 14:51 ` Carl-Daniel Hailfinger
2005-10-19 18:04 ` Marek Kierdelewicz
2005-10-19 20:55 ` Alex [this message]
2005-10-19 22:09 ` Carl-Daniel Hailfinger
2005-10-20 8:33 ` Oscar Mechanic
2005-10-20 22:19 ` Peter Surda
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='001501c5d4ef$645e2190$020c0c0a@admin' \
--to=alex@hostingcenter.ro \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.