From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Alex" Date: Wed, 19 Oct 2005 20:55:09 +0000 Subject: Re: [LARTC] arp flood (offtopic?) Message-Id: <001501c5d4ef$645e2190$020c0c0a@admin> List-Id: References: <032b01c5d4bb$a8837ed0$020c0c0a@admin> In-Reply-To: <032b01c5d4bb$a8837ed0$020c0c0a@admin> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org This is what I do to avoid "Neighbor table overflow" : echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2 echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3 I should mention that I don't get the message Neighbor table overflow, at least with these settings, don't know with default. Now the thing is that the load average goes up to 30 and the gateway doesn't even respond to ping after a while. The arp-requests are not only for ips that are assigned to hosts but even for un-allocated ips in the same subnet. Maybe dividing into multiple vlans would be a better idea? Regards, Alex ----- Original Message ----- From: "Marek Kierdelewicz" To: Sent: Wednesday, October 19, 2005 9:04 PM Subject: Re: [LARTC] arp flood (offtopic?) >> Hi guys, > > Hi > >> >> Sorry if this is a little offtopic, but I was wandering what can one >> do to prevent/stop arp flooding ? > > You can increase arp cache table size: > > echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 > echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 > echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh1 > > It'll make your box handle arpfloods more easily (at least DoS part). > > You can also use static arp entries (man arp). This will ensure known > computers will always have access to (throu) your router (even with > arpflood in progress). > > > Two solutions mentioned above cope with "Neighbour table overflow" and > problems with accessibility to other legitimate users. They > don't cope however with router's cpu utilisation... > > Hope that helps. > > Marek Kierdelewicz > KoBa ISP > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > -- > This message has been scanned for viruses and > dangerous content by LG-Network(http://www.lgnet.ro), and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by LG-Network(http://www.lgnet.ro), and is believed to be clean. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc