[nzlug] large ARP Cache using public ip on NIC
Mark Foster
blakjak at blakjak.net
Fri Sep 22 20:06:08 NZST 2006
On Fri, 22 Sep 2006, Cliff Pratt wrote:
> Kerry Thompson wrote:
>> Robin Sheat said:
>>> On Friday 22 September 2006 14:21, razza wrote:
>>>> The odd time I've seen "Neighbour table overflow." errors due to a full
>>>> ARP Cache especially if someone uses something like bittorrent :)
>>> That's weird unless you're on a huge LAN. The only ARP request for talking
>>> to the internet at large is (should be) the one that looks up your next
>>> gateway. It should associate the gateway IP with its MAC address, and
>>> that's it. It might be a sign of a broken setup somewhere else that it's
>>> not working right,
>>
>> Or if the netmask on the interface was 0.0.0.0 then the system would
>> believe every possible IP address was on the local subnet, and ARP for it
>> (although that *should* also break your internet access).
>>
> I was wondering about that too. 255.0.0.0 would be almost as bad.
It will break your internet access, unless you've got very weird proxy ARP
type stuff enabled on every hop.

The subnet mask determines whether it ARPs for it and looks for the
destination in the layer 2 space, or ARPs for the default gateway and
heads off at layer 3 (IP) for a route to the destination instead.

A packet capture on the interface will show you the ARP traffic and
perhaps some stats could be gathered to see whether your ARP levels are
excessive or not...
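
Added example, not part of the original post: a short Python sketch of the on-link decision the subnet mask drives, plus the kind of ARP statistics a capture can give. It assumes `tcpdump -n` text output; the addresses, the sample lines and the function names `next_hop` and `arp_stats` are constructed for illustration.

```python
import ipaddress
import re

# tcpdump -n prints ARP requests as:
#   "<time> ARP, Request who-has <target> tell <sender>, length 28"
ARP_REQ = re.compile(r"ARP, Request who-has (\S+) tell ([^\s,]+)")

# Constructed sample capture (not from the thread): host 10.0.0.10, gateway 10.0.0.1.
SAMPLE = """\
20:06:01.000001 ARP, Request who-has 10.0.0.1 tell 10.0.0.10, length 28
20:06:01.100000 ARP, Reply 10.0.0.1 is-at 00:00:5e:00:53:01, length 28
20:06:02.000002 ARP, Request who-has 198.51.100.7 tell 10.0.0.10, length 28
20:06:02.000003 ARP, Request who-has 203.0.113.99 tell 10.0.0.10, length 28
20:06:03.000004 ARP, Request who-has 10.0.0.20 tell 10.0.0.10, length 28
20:06:04.000005 ARP, Request who-has 198.51.100.7 tell 10.0.0.10, length 28
"""

def next_hop(dst, iface, gateway):
    """Address the host ARPs for: dst itself if the mask says on-link, else the gateway."""
    net = ipaddress.ip_interface(iface).network
    return dst if ipaddress.ip_address(dst) in net else gateway

def arp_stats(capture, local_ip, expected_net):
    """Distinct ARP targets requested by local_ip, split by the subnet it should be on."""
    net = ipaddress.ip_network(expected_net)
    on_link, off_link = set(), set()
    for line in capture.splitlines():
        m = ARP_REQ.search(line)
        if not m or m.group(2) != local_ip:
            continue  # replies and other hosts' requests are ignored
        target = ipaddress.ip_address(m.group(1))
        (on_link if target in net else off_link).add(str(target))
    return {"on_link": sorted(on_link), "off_link": sorted(off_link)}

if __name__ == "__main__":
    # Same host, three masks: /24 sends remote traffic to the gateway,
    # /8 and /0 make progressively more of the internet look local.
    for iface in ("10.0.0.10/24", "10.0.0.10/8", "10.0.0.10/0"):
        for dst in ("10.200.3.4", "198.51.100.7"):
            print(f"{iface:14} dst {dst:13} -> ARP for {next_hop(dst, iface, '10.0.0.1')}")
    # Any off_link target means the host is ARPing for addresses outside its real subnet.
    print(arp_stats(SAMPLE, "10.0.0.10", "10.0.0.0/24"))
```

A non-empty `off_link` list in a capture from a host that should sit on a /24 points at a wrong netmask or on-link route; each such target also occupies a neighbour table entry.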