* ARP traffic on a large-ish network
From: Travis Bell @ 2005-03-15 16:24 UTC
To: netfilter
I wasn't clear on my question yesterday. Here's what I'm trying to do:
We've got a /19 block of public IPs from our provider to give to
customers.
Because we want customers to have a public IP, as opposed to NATing a
private IP, they are essentially just plugged into my switch just on the
other side of the Cisco router from our T1s.
Our Cisco router is ARP who-has'ing for the entire block of IPs (as it
should).
I'd like to stick something between the Cisco router and the customers
that keeps them from getting so much ARP traffic. It seems like it's a
lot of traffic going through. Ethereal captured 1260 ARP packets in 10
seconds.
So is there anything I can do? Or is that much ARP traffic reasonable?
Thanks,
Any advice is appreciated.
Travis Bell
* Re: ARP traffic on a large-ish network
From: Jason Opperisano @ 2005-03-15 20:00 UTC
To: netfilter
On Tue, 2005-03-15 at 11:24, Travis Bell wrote:
> I wasn't clear on my question yesterday. Here's what I'm trying to do:
>
> We've got a /19 block of public IPs from our provider to give to
> customers.
> Because we want customers to have a public IP, as opposed to NATing a
> private IP, they are essentially just plugged into my switch just on the
> other side of the Cisco router from our T1s.
>
> Our Cisco router is ARP who-has'ing for the entire block of IPs (as it
> should).
>
> I'd like to stick something between the Cisco router and the customers
> that keeps them from getting so much ARP traffic. It seems like it's a
> lot of traffic going through. Ethereal captured 1260 ARP packets in 10
> seconds.
>
> So is there anything I can do? Or is that much ARP traffic reasonable?
to reduce the amount of ARP traffic, you'll have to segment the network
into more than a single layer 2 broadcast domain. this means creating
layer 2 VLANs. in order to maintain full connectivity, you'll normally
want to divide your /19 to match up your layer 3 subnets to your layer 2
VLANs.
a /19 is 8190 hosts on a single segment--which is not what i would call
an efficient network design (as it leads to the exact problem you're
seeing). normally, i won't create a layer 2 broadcast domain with more
than 1024 hosts (/22 subnets at layer 3), and even that could be pushing it
(when they're all windows boxes).
stick a robust layer 3 switch between the customers and the cisco
router, create VLAN interfaces on the layer 3 switch for the customers
to use as their default gateways, and use the cisco router as the
default gateway for the layer 3 switch.
-j
--
"It takes two to lie. One to lie and one to listen."
--The Simpsons
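A worked version of the two things discussed in this reply, added here as an example and not code from the thread: splitting a /19 into subnets that respect the 1024-host ceiling, and attributing who-has requests from a capture to the planned subnets so you can see how the ARP load would spread once each subnet is its own VLAN. The 198.18.0.0/19 block and the tcpdump-style capture lines are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed tcpdump-style ARP lines; 198.18.0.0/19 (RFC 2544 benchmark
# space) stands in for the poster's public /19.
SAMPLE_CAPTURE = """\
16:24:01.000100 ARP, Request who-has 198.18.0.5 tell 198.18.0.1, length 46
16:24:01.000300 ARP, Request who-has 198.18.5.9 tell 198.18.0.1, length 46
16:24:01.000500 ARP, Reply 198.18.0.5 is-at 00:00:5e:00:53:05, length 46
16:24:02.100000 ARP, Request who-has 198.18.20.77 tell 198.18.0.1, length 46
16:24:03.500000 ARP, Request who-has 198.18.21.2 tell 198.18.20.77, length 46
16:24:04.000000 ARP, Request who-has 192.0.2.1 tell 198.18.0.1, length 46
16:24:05.000000 ARP, Request who-has 198.18.0.9 tell 198.18.0.1, length 46
"""
ARP_REQ = re.compile(r"^(\S+) ARP, Request who-has (\S+) tell (\S+),")

def plan_subnets(block, max_hosts=1024):
    """Split block into equal subnets of at most max_hosts usable addresses
    (the thread's 1024-host ceiling turns a /19 into eight /22s)."""
    net = ipaddress.ip_network(block)
    prefix = net.prefixlen
    while prefix < net.max_prefixlen and (1 << (net.max_prefixlen - prefix)) - 2 > max_hosts:
        prefix += 1
    return list(net.subnets(new_prefix=prefix))

def parse_requests(capture):
    """Return (seconds, target, sender) per who-has line; replies are skipped."""
    reqs = []
    for line in capture.splitlines():
        m = ARP_REQ.match(line)
        if m:
            h, mi, s = m.group(1).split(":")
            t = int(h) * 3600 + int(mi) * 60 + float(s)
            reqs.append((t, ipaddress.ip_address(m.group(2)),
                         ipaddress.ip_address(m.group(3))))
    return reqs

def request_rate(reqs):
    """Who-has requests per second over the capture (the poster saw ~126/s)."""
    span = reqs[-1][0] - reqs[0][0] if len(reqs) > 1 else 0
    return len(reqs) / span if span > 0 else float(len(reqs))

def load_per_subnet(reqs, subnets):
    """Count requests by the planned subnet their target lives in: after
    segmentation each one only reaches that VLAN.  Off-block -> 'other'."""
    counts = Counter()
    for _, target, _ in reqs:
        counts[next((str(sn) for sn in subnets if target in sn), "other")] += 1
    return counts
```

Feed `parse_requests` the output of `tcpdump -n arp` from the real segment and the per-subnet counts show which planned VLAN would carry most of the broadcast load.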
* Re: ARP traffic on a large-ish network
From: Grant Taylor @ 2005-03-17 8:04 UTC
To: Travis Bell; +Cc: netfilter
You *might* try inserting a Linux router in the network between your Cisco
and all your clients. The main thing this router would do is run the
ARPDaemon, which implements a LARGE ARP cache in user space. Thus hopefully
you could configure it to hold most if not all of your clients' MAC
addresses in its internal tables, thus reducing the need to ARP. The Linux
kernel's internal ARP cache maxes out at around 256 entries. I don't know
if this would work at all, as all references to ARP Daemon I've seen are
early 2.4, but support for it is still supposed to be in the kernel. I just
looked and it is included in 2.6.11 under "Networking Options". Let me know
if you try this and what you find out, as I've got a network with about
2048 potential hosts on it that I'm considering using this on.
Grant. . . .
Travis Bell wrote:
> I wasn't clear on my question yesterday. Here's what I'm trying to do:
>
> We've got a /19 block of public IPs from our provider to give to
> customers.
> Because we want customers to have a public IP, as opposed to NATing a
> private IP, they are essentially just plugged into my switch just on the
> other side of the Cisco router from our T1s.
>
> Our Cisco router is ARP who-has'ing for the entire block of IPs (as it
> should).
>
> I'd like to stick something between the Cisco router and the customers
> that keeps them from getting so much ARP traffic. It seems like it's a
> lot of traffic going through. Ethereal captured 1260 ARP packets in 10
> seconds.
>
> So is there anything I can do? Or is that much ARP traffic reasonable?
>
> Thanks,
> Any advice is appreciated.
>
> Travis Bell
>
>
* Re: ARP traffic on a large-ish network
From: Jason Opperisano @ 2005-03-17 15:24 UTC
To: netfilter
On Thu, 2005-03-17 at 03:04, Grant Taylor wrote:
> You *might* try inserting a Linux router in the network between your Cisco
> and all your clients. The main thing this router would do is run the
> ARPDaemon, which implements a LARGE ARP cache in user space. Thus hopefully
> you could configure it to hold most if not all of your clients' MAC
> addresses in its internal tables, thus reducing the need to ARP. The Linux
> kernel's internal ARP cache maxes out at around 256 entries. I don't know
> if this would work at all, as all references to ARP Daemon I've seen are
> early 2.4, but support for it is still supposed to be in the kernel. I just
> looked and it is included in 2.6.11 under "Networking Options". Let me know
> if you try this and what you find out, as I've got a network with about
> 2048 potential hosts on it that I'm considering using this on.
VLAN it and route it before that "potential" becomes "reality."
line-wrapping your messages would be a nice touch as well.
-j
--
"If I had known there were loose women in Las Vegas, I would never
have let you go."
--The Simpsons