Re: Proxy ARP causing Neighbour table overflow

[Ian Pilcher <arequipeno@gmail.com>]

Is there a better list on which to ask this question?

On 01/08/2013 11:26 AM, Ian Pilcher wrote:
> I am using proxy ARP to divide my home network into several different
> subnets, while allowing them all to communicate through my residential
> "router".  I am seeing a (very) large number of "Neighbour table over-
> flow" messages, although I haven't noticed any impact on connectivity or
> performance.
> 
> (If you're not familiar with proxy ARP, it's pretty cool.  See
> http://en.wikipedia.org/wiki/Proxy_ARP.)
> 
> Some details on my setup:
> 
> * I have configured my residential router (Verizon FiOS) to use all of
>   172.31.0.0/16 as my home network.
> 
> * The routers internal IP address is 172.31.255.254.  As expected its
>   subnet mask is 255.255.0.0.
> 
> * I have configured the router's built-in DHCP server to provide
>   addresses within the range 172.31.255.151 - 172.31.255.253 (along with
>   a subnet mask of 255.255.0.0).  Normally, the only devices using these
>   addresses are my FiOS set-top boxes.
> 
> * My subnets run on separate VLANs.  Routing between them is provided by
>   a small server running CentOS 6.3 (32-bit).  The server has a dual-
>   port NIC, and it is using mode 6 (balance-alb) bonding.  Thus, the
>   interfaces on the server range from bond0.249 - bond0.255.
> 
> * The "upstream" IP address of my server (on bond0.255) is
>   172.31.255.1; it's subnet mask is 255.255.255.0.  (Note the
>   difference from the router's subnet mask.)
> 
> * The server acts as the default gateway for the other subnets --
>   172.31.249.0/24 (on bond0.249, 172.31.249.254) through 172.31.254.0/24
>   (on bond0.254, 172.31.249.254).
> 
> * I have set "net.ipv4.conf.bond0/255.proxy_arp = 1" in
>   /etc/sysctl.conf.  When the server sees an ARP request on bond0.255
>   for an address in the range 172.31.249.1 - 172.31.254.254, it responds
>   with its own MAC (actually, one of its two MACs because of the way
>   mode 6 bonding works).
> 
> Despite all this complexity (for a home network at least), I really
> don't have a huge number of devices.  Running "arp -n | wc -l" on the
> server shows that it has 15 entries in its ARP cache right now, which is
> about normal.  It may go up a bit when I spin up a bunch of VMs, but not
> by that much.
> 
> So why am I getting the "Neighbour table overflow" messages.  Everything
> I can Google up on this messages indicates that it happens with "large,
> flat networks" with a lot of users.  I do sort of have a large flat
> network, but that's really only true from the router's point of view.
> 
> (I should note that I only recently configured Ethernet bonding, I was
> seeing the "Neighbour table overflow" messages when I was using only a
> single interface.)
> 
> Any ideas?
> 
> Thanks!
> 


-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
Sometimes there's nothing left to do but crash and burn...or die trying.
========================================================================