From: David R Antoch (dantoch@csc.com)
Date: Mon Jan 30 2006 - 10:57:39 EST
Admins,
Sorry it's been quite a while since the original post....But it was
something that I was working on periodically.
>>>>>>>>>>>>>>>>>>
Admins,
I've been seeing excessive activity with the arp cache/table on
11.0 (K series, Gig E) and 11.11 (RP5470, 100BT) servers (all patched to
the latest ARPA and LAN cumulative patches). These machines sit on a
switched and subnetted network, including our PC community numbering in
the thousands. Now, I'm seeing arp table entries cyclically increasing
to over 2400+ entries , then getting cleared at the normal ndd arp
"arp_cleanup_interval" interval, which is set to 5 minutes on the
11.0's and 1 minute on the 11.11 machine. (must be defaults because I
never changed that interval in rc.config.d/nddconf. After getting
cleared, they climb back up at a rate of ~ 20 -30 per second. Now, I
know these servers are NOT talking to that many machines. The busiest
production box (11.0 K580) usually has ~ 150 - 180 concurrent
user/connections. And this condition exists on the development 11.0 K
box, with only one or two admins logged in. I dont think any other server
platforms are exhibiting this, either. I'm not running any kind of
routing daemon (routed, gated, etc..) or rarpd either. From what I
understood about ARP, it is my machine that would issue an arp request
for arp activity to be initiated, thus populating my local arp cache table.
But there's NO WAY that I know of, that these servers are trying to talk to
that number of machines. How can these servers be putting out a broadcast
arp request, if that's whats happening, that is being responded to by
all these PC's? Has anyone seen anything similar?
Thx,
Dave
>>>>>>>>>>>>>>>>>>>>>>>
I had opened a call with HP , but then I discovered that Solaris is also
affected and exhibits the same behavior when co-residing on this subnetted
segment with thousands of PC's, which seem to be fairly chatty regarding
their ARP broadcasts. Windows, Linux and AIX dont report all these
entries in their ARP tables, so they must be ignoring those gratuitous ARP
broadcasts and only populating when the machine actually wants to talk to
them.
I guess to keep the table relatively small (because I periodically see arp
suck up lots of CPU for 10 - 20 seconds on my busy K580), I can decrease
the NDD arp_cleanup_interval from 5 minutes to 1. But ideally I'd love
to get them off of the segment with the PC's.
Also thanks to the folks who responded..
Bill Hassel
Tom Myers
David Lodge
Dave Ledger
Brett Geer
----------------------------------------------------------------------------------------
This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
----------------------------------------------------------------------------------------
--
---> Please post QUESTIONS and SUMMARIES only!! <---
To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
Name: hpux-admin@dutchworks.nl Owner: owner-hpux-admin@dutchworks.nl
Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only)
http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:51 EDT