I. Question
1. A system that uses keepalived for hot standby needs a virtual IP address, but which machine owns the virtual IP is decided by the master/backup election of the hot-standby group. Therefore, when a machine takes over the virtual IP it must broadcast a gratuitous ARP. At first this seemed unnecessary, since the hot-standby group appeared to work fine without it, but it turns out to be a must;
2. ARP cache entries have an aging time, but in Linux there is no single obvious place to set it. So how do you set this aging time?
II. Explanation before answering the question
III. How does Linux maintain this stale state?
IV. Linux ARP cache implementation points
Source-code analysis has been covered at length in earlier posts on this blog, so it is not repeated here. It is enough to know the main points of the timers that Linux maintains in its ARP implementation.
1. Reachable-state timer
The timer is started whenever an ARP reply arrives, or whenever other evidence (such as confirmation from an upper-layer protocol) proves that the ARP entry is truly reachable. When it expires, the corresponding ARP cache entry moves to the next state according to the configured time.
2. Garbage-collection timer
This timer runs periodically; its next expiry is determined by the configured base_reachable_time. For details, see the following code:
Once this timer expires, the neigh_periodic_timer callback runs. Its logic (the part omitted above) is:
If, in your experiment, a stale entry is not deleted in time, try running the following command:
Then look at the output of ip neigh ls all again. Note: don't expect the entry to be deleted immediately, because the garbage-collection timer has not expired yet; but I can guarantee that after a while the cache entry will be deleted.
V. The solution to the first problem
As can be seen, only when the next hop of an actual outgoing packet is 1.1.1.1 is the corresponding MAC address moved to the reachable state, either through the "local acknowledgment" mechanism or by actually sending an ARP request.
Correction: after reading the keepalived source code, I found that this worry is superfluous. Keepalived is very mature, after all, and would not make "such a low-level mistake": it automatically sends a gratuitous ARP after a host switches to master. The code in keepalived is:
VI. The solution to the second problem
After all that, how do you set the aging time of the ARP cache on Linux?
There are multiple files under the /proc/sys/net/ipv4/neigh/ethX directory. Which one is the aging time of the ARP cache? Simply put, it is base_reachable_time; everything else only tunes behaviour around it. For example, gc_stale_time records how long a stale ARP cache entry is kept cached. During that time, if the neighbor is needed, the data recorded in the entry is used directly as the content of the ARP request, and after a "local acknowledgment" the entry can go straight back to the reachable state, with no route lookup, ARP lookup, ARP neighbor creation or ARP neighbor resolution.
By default the reachable state times out after 30 seconds; after that the entry changes to the stale state. You might assume the entry has now expired, but the Linux implementation does not delete it at this point: only after gc_stale_time has passed is the entry deleted. Once the entry has left the reachable state, the garbage collector is responsible for the "delete after gc_stale_time" step, and the next expiry time of its timer is computed from base_reachable_time, specifically in neigh_periodic_timer:
This can be read directly from the code comments (good developers write comments). To make the experiment clear, we designed the following two scenarios:
1. Use iptables to drop all local input, which blocks ARP local acknowledgment; use sysctl to set base_reachable_time to 5 seconds and gc_stale_time to 5 seconds.
2. Remove the iptables drop rule; use TCP to download a large file from the external network, or make short-lived connections. Use sysctl to set base_reachable_time to 5 seconds and gc_stale_time to 5 seconds.
In both scenarios, ping the default gateway of the local LAN, then quickly Ctrl-C the ping, and use ip neigh show all to watch the gateway's ARP entry. In scenario 1, within about 5 seconds the entry becomes stale and then stays there; ping again and the entry first becomes delay, then probe, then reachable, and again stale within 5 seconds. In scenario 2 the entry keeps alternating between reachable and delay. This illustrates the ARP state machine in Linux. So why, in scenario 1, is the stale entry not deleted for a long time? Because routing-cache entries still reference it. After you flush the route cache, the ARP entry is deleted quickly.
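To make the state machine and the two scenarios above concrete, here is a small Python model added for this page; it is not kernel code and not code from the original post. It assumes a deterministic reachable timeout equal to base_reachable_time (the kernel randomises it between base/2 and 3*base/2), one-second timer granularity, and a simple ref counter standing in for the route-cache reference; the gateway address and MAC are constructed.

```python
"""Toy model of the Linux neighbour (ARP) cache state machine.

Added example for this page, not kernel code and not code from the original post.
Knobs follow the text (base_reachable_time, delay_first_probe_time, gc_stale_time,
gc_interval).  The kernel randomises the reachable timeout between base/2 and
3*base/2; here base_reachable_time is used as-is so the timeline is deterministic.
"""
from dataclasses import dataclass, field

@dataclass
class Neigh:
    ip: str
    mac: str
    state: str = "REACHABLE"
    ref: int = 0          # references held by e.g. route-cache entries
    updated: float = 0.0  # time of the last state change

@dataclass
class NeighTable:
    base_reachable_time: float = 30.0
    delay_first_probe_time: float = 5.0
    gc_stale_time: float = 60.0
    gc_interval: float = 30.0
    now: float = 0.0
    entries: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # (time, ip, new state)

    def _set(self, n, state):
        n.state, n.updated = state, self.now
        self.log.append((self.now, n.ip, state))

    def arp_reply(self, ip, mac):
        """An ARP reply (or gratuitous ARP) proves the neighbour is reachable."""
        n = self.entries.setdefault(ip, Neigh(ip, mac))
        n.mac = mac
        self._set(n, "REACHABLE")

    def confirm(self, ip):
        """Upper-layer confirmation ("local acknowledgment"): e.g. a TCP segment
        arrived from this neighbour, so it is reachable without an ARP probe."""
        n = self.entries[ip]
        if n.state in ("STALE", "DELAY", "PROBE"):
            self._set(n, "REACHABLE")
        else:
            n.updated = self.now  # restart the reachable timer

    def send(self, ip):
        """Outgoing packet: a STALE entry is still used, but moves to DELAY."""
        n = self.entries[ip]
        if n.state == "STALE":
            self._set(n, "DELAY")
        return n.mac

    def advance(self, seconds):
        """Step time forward one second at a time, running timers and the gc."""
        for _ in range(int(seconds)):
            self.now += 1
            for n in self.entries.values():
                age = self.now - n.updated
                if n.state == "REACHABLE" and age >= self.base_reachable_time:
                    self._set(n, "STALE")
                elif n.state == "DELAY" and age >= self.delay_first_probe_time:
                    self._set(n, "PROBE")  # unicast ARP request to the cached MAC
            if self.now % self.gc_interval == 0:
                self._gc()

    def _gc(self):
        """Periodic collector: drop entries that are unreferenced and have been
        STALE for at least gc_stale_time (a referenced STALE entry survives)."""
        for ip, n in list(self.entries.items()):
            if n.state == "STALE" and n.ref == 0 and self.now - n.updated >= self.gc_stale_time:
                del self.entries[ip]
                self.log.append((self.now, ip, "REMOVED"))

GW, GW_MAC = "192.168.1.1", "00:11:22:33:44:55"  # constructed addresses

def scenario_no_confirmation():
    """Scenario 1: nothing confirms the entry, so it goes STALE; a ping drives it
    DELAY -> PROBE -> REACHABLE; it is collected only once nothing references it."""
    t = NeighTable(base_reachable_time=5, gc_stale_time=5, gc_interval=5)
    t.arp_reply(GW, GW_MAC)
    t.entries[GW].ref = 1                # a route-cache entry still points at it
    t.advance(6)
    after_timeout = t.entries[GW].state  # STALE
    t.send(GW)                           # ping: entry used while STALE -> DELAY
    t.advance(5)
    while_probing = t.entries[GW].state  # PROBE
    t.arp_reply(GW, GW_MAC)              # gateway answers -> REACHABLE
    t.advance(6)                         # STALE again, but still referenced
    still_cached = GW in t.entries
    t.entries[GW].ref = 0                # route cache flushed
    t.advance(10)                        # now eligible: collected by the gc
    return after_timeout, while_probing, still_cached, GW in t.entries

def scenario_with_confirmation():
    """Scenario 2: a TCP transfer keeps confirming the neighbour every few seconds,
    so the entry never leaves REACHABLE despite the 5 s base_reachable_time."""
    t = NeighTable(base_reachable_time=5, gc_stale_time=5, gc_interval=5)
    t.arp_reply(GW, GW_MAC)
    for _ in range(10):
        t.advance(3)
        t.confirm(GW)
    return t.entries[GW].state, any(s == "STALE" for _, _, s in t.log)
```

The log list of each table holds the full transition history, so printing it after scenario_no_confirmation() shows the REACHABLE, STALE, DELAY, PROBE, REACHABLE, STALE, REMOVED sequence the experiment describes, and the ref counter shows why the stale entry outlives gc_stale_time while the route cache still points at it.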
Embedded System Testing Blog
Thursday, 24 January 2013
ARP Timeout Value for Linux, Windows, Cisco 2960 and DELL Switch
RFC 826 says: "It may be desirable to have table aging and/or timeouts. The implementation of these is outside the scope of this protocol."
So ARP timeouts are vendor dependent and can vary drastically from one vendor to another. Here is some information about ARP timeouts.
1) ARP timeout for Cisco 2960 switch
# show interfaces vlan 1
Vlan1 is up, line protocol is down
Hardware is EtherSVI, address is 5897.1ec9.1040 (bia 5897.1ec9.1040)
Internet address is 192.168.100.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:10:09, output 00:10:07, output hang never
Last clearing of «show interface» counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
60274 packets input, 5100402 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
66629 packets output, 52011719 bytes, 0 underruns
0 output errors, 3 interface resets
0 output buffer failures, 0 output buffers swapped out
The default ARP timeout for cisco switch is 4 hrs.
It can be changed using following command :
#configure
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line. End with CNTL/Z.
cisco(config)#interface vlan 1
cisco(config-if)#arp timeout ?
Seconds
cisco(config-if)#arp timeout 600
2) ARP time out for DLINK switch
Default value for ARP timeout is 20 sec in DLINK switch
# show arpentry
Command: show arpentry
ARP Aging Time : 20
Interface IP Address MAC Address Type
————- ————— —————— —————
System 192.168.100.0 FF-FF-FF-FF-FF-FF Local/Broadcast
System 192.168.100.167 00-1B-11-11-BD-41 Local
System 192.168.100.255 FF-FF-FF-FF-FF-FF Local/Broadcast
Total Entries : 3
Command to change the ARP entry time out value in DLINK switch
DES-3026:4#config arp_aging
Command: config arp_aging
Next possible completions:
time
DES-3026:4#config arp_aging time
Command: config arp_aging time
Next possible completions:
DES-3026:4# config arp_aging time 600
3) Linux Fedora core 16
The default ARP timeout value in Linux is 60 sec
and can be changed at /proc/sys/net/ipv4/neigh/eth1/gc_stale_time
gc_stale_time (since Linux 2.2): Determines how often to check for stale neighbor entries. When a neighbor entry is considered stale, it is resolved again before sending data to it. Defaults to 60 seconds.
gc_thresh1 (since Linux 2.2): The minimum number of entries to keep in the ARP cache. The garbage collector will not run if there are fewer than this number of entries in the cache. Defaults to 128.
gc_thresh2 (since Linux 2.2): The soft maximum number of entries to keep in the ARP cache. The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed. Defaults to 512.
gc_thresh3 (since Linux 2.2): The hard maximum number of entries to keep in the ARP cache. The garbage collector will always run if there are more than this number of entries in the cache. Defaults to 1024.
4) Windows
It was difficult to find information about XP. For Windows 2000 I got the following lines from the link given in the reference.
Windows 2000 adjusts the size of the ARP cache automatically to meet the needs of the system. If an entry is not used by any outgoing datagram for two minutes, the entry is removed from the ARP cache. Entries that are being referenced are given additional time, in two-minute increments, up to a maximum lifetime of 10 minutes. After 10 minutes, the ARP cache entry is removed and must be rediscovered using an ARP Request frame. To adjust the time an unreferenced entry can remain in the ARP cache, change the value of the ArpCacheLife and ArpCacheMinReferencedLife registry entries (HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters).
So the default value appears to be 2 min.
5) For brocade switch the default value is 10 min.
command to enable aging time
The ARP ageing time is different from the MAC bridge learning time (the MAC table ageing time). If there is a mismatch between the MAC bridge learning table and the ARP ageing time, it can result in unicast flooding. So it is normally better if the ARP ageing time is less than the bridge learning table time (in Linux this value is 300 sec, or 5 min, and can be seen using the brctl command).
Configuring ARP age timeout [closed]
I am trying to configure the ARP age timeout. I think I should set /proc/sys/net/ipv4/neigh/default/base_reachable_time_ms to the desired timeout. But although I set this to 30000ms (30sec), it still takes close to 10 mins for an entry to get removed from the ARP cache. After reading a few articles I see there are a few more settings that affect the timeout:
I am not sure what to program for these. The gc_timeout defaults to 5 minutes in Linux. I changed that to 30 seconds but still I don't see the entry getting removed within base_reachable_time/2 or 3*base_reachable_time/2.
How can I set the expiration time for the ARP cache?
The neighbor cache in the Linux kernel isn’t as simple as one would think. I’ll try to explain some of the quirks with it.
There are subtle differences between a neighbor cache entry actually falling out of the cache entirely and just being marked as stale/invalid. At some point between base_reachable_time/2 and 3*base_reachable_time/2, the entry will still be in the cache, but it will be marked with a state of STALE. You should be able to view the state with "ip -s neighbor show":
When in the STALE state like shown above, if I ping 192.168.42.1, it will send the packet to 00:25:90:7d:7e:cd right away. A second or so later it will usually send an ARP request for who has 192.168.42.1 in order to update its cache back to a REACHABLE state. BUT, to make matters more confusing, the kernel will sometimes change timeout values based on positive feedback from higher level protocols. What this means is that if I ping 192.168.42.1 and it replies, then the kernel might not bother sending an ARP request because it assumes that the pong meant that its ARP cache entry is valid. If the entry is in the STALE state, it will also be updated by unsolicited ARP replies that it happens to see.
Now, for the majority of cases, the entry being in the STALE state is all you need to worry about. Why do you need the entry to be removed from the cache entirely? The kernel goes to a lot of effort to not thrash memory by just changing the state of cache entries instead of actually removing and adding them to the cache all the time.
If you really really insist that it not only will be marked as STALE, but will actually be removed from the hashmap used by the neighbor cache, you have to beware of a few things. First, if the entry hasn’t been used and is stale for gc_stale_time seconds, it should be eligible to be removed. If gc_stale_time passed and marked the entry as okay to be removed, it will be removed when the garbage collector runs (usually after gc_interval seconds).
Now the problem is that the neighbor entry will not be deleted if it’s being referenced. The main thing that you’re going to have problems with is the reference from the ipv4 routing table. There’s a lot of complicated garbage collection stuff, but the important thing to note is that the garbage collector for the route cache only expires entries every 5 minutes (/proc/sys/net/ipv4/route/gc_timeout seconds) on a lot of kernels. This means the neighbor entry will have to be marked as stale (maybe 30 seconds, depending on base_reachable_time), then 5 minutes will have to go by before the route cache stops referencing the entry (if you’re lucky), followed by some combination of gc_stale_time and gc_interval passing before it actually gets cleaned up (so, overall, somewhere between 5-10 minutes will pass).
Summary: you can try decreasing /proc/sys/net/ipv4/route/gc_timeout to a shorter value, but there are a lot of variables and it’s difficult to control them all. There’s a lot of effort put in to making things perform well by not removing entries in the cache too early (but instead just marking them as STALE or even FAILED).
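The states, reference counts and gc conditions discussed in the answer above are all visible in the output of ip -s neigh show. As an added example (not part of the answer and not part of iproute2), here is a small Python parser for that output, run over a constructed sample; the addresses are made up, and the gc-eligibility rule ("unreferenced and STALE/FAILED for at least gc_stale_time") is the simplified rule the answer describes, not the kernel's exact code.

```python
"""Parse `ip -s neigh show` output and classify neighbour cache entries.

Added example: not code from the answer above and not part of iproute2.
The sample output is constructed.  Field layout follows iproute2's -s output:
`ref N` is the reference count, `used a/b/c` are seconds since the entry was
last used / confirmed / updated, and the last token is the NUD state.
"""
import re

# Constructed sample of `ip -s neigh show` output (addresses are made up).
SAMPLE = """\
192.168.42.1 dev eth0 lladdr 00:25:90:7d:7e:cd ref 1 used 12/12/12 probes 1 STALE
192.168.42.7 dev eth0 lladdr 52:54:00:aa:bb:cc ref 0 used 95/95/95 probes 4 STALE
192.168.42.9 dev eth0 ref 0 used 3/3/3 probes 6 FAILED
192.168.42.20 dev eth0 lladdr 52:54:00:11:22:33 ref 2 used 0/0/5 probes 0 REACHABLE
192.168.42.21 dev eth0 lladdr 52:54:00:11:22:34 ref 1 used 1/1/1 probes 0 DELAY
"""

LINE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)(?: lladdr (?P<mac>\S+))?"  # FAILED entries carry no lladdr
    r" ref (?P<ref>\d+) used (?P<used>\d+)/(?P<confirmed>\d+)/(?P<updated>\d+)"
    r" probes (?P<probes>\d+) (?P<state>[A-Z]+)$"
)

def parse(text):
    """Return one dict per parseable line; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            e = m.groupdict()
            for key in ("ref", "used", "confirmed", "updated", "probes"):
                e[key] = int(e[key])
            entries.append(e)
    return entries

def by_state(entries):
    """Count entries per NUD state, e.g. {'STALE': 2, 'REACHABLE': 1, ...}."""
    counts = {}
    for e in entries:
        counts[e["state"]] = counts.get(e["state"], 0) + 1
    return counts

def gc_candidates(entries, gc_stale_time=60):
    """Entries the periodic collector may drop under the rule described above:
    no references and STALE/FAILED for at least gc_stale_time seconds."""
    return [e["ip"] for e in entries
            if e["ref"] == 0 and e["state"] in ("STALE", "FAILED")
            and e["updated"] >= gc_stale_time]

def held_by_references(entries):
    """STALE entries that cannot be collected yet because something (typically
    a route-cache entry) still holds a reference to them."""
    return [e["ip"] for e in entries if e["state"] == "STALE" and e["ref"] > 0]

if __name__ == "__main__":
    ents = parse(SAMPLE)
    print(by_state(ents))
    print("gc candidates:", gc_candidates(ents))
    print("held by references:", held_by_references(ents))
```

Feeding real output in place of SAMPLE (for example via subprocess) gives a quick picture of which entries are merely STALE, which are waiting on the route cache to drop its reference, and which the collector can actually remove; the regex expects the single-space layout iproute2 prints, so IPv6 lines with extra flags such as router are skipped rather than misparsed.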
How to clear ARP Cache in Linux, Windows, and macOS?
The Address Resolution Protocol (ARP) is a very important part of IP networking. ARP is used to connect the OSI Network Layer (Layer 3) to the OSI Data-Link Layer (Layer 2).
To communicate with any device on the network, the device must have an Ethernet MAC address.
What is ARP Cache?
The ARP cache works as a library of dynamic ARP entries. ARP entries are created when IP addresses (themselves resolved from hostnames) are resolved to MAC addresses. This process is what allows devices to communicate with other devices using IP addresses.
Reasons you should clear ARP cache from your Computer Device
Clearing the ARP cache is rarely necessary; in most cases rebooting your router or switch is enough to fix connection issues.
But over time the ARP database goes stale, and new entries do not always override the expired entries in the database. This can affect network performance and throw errors that affect your system.
How to Identify if there is ARP cache issue with your System?
- You can’t ping certain IP addresses when you know those are functioning properly.
- You can’t load websites that are working well or working properly on different devices.
If you see these signs, clear the ARP cache right away!
Clearing the ARP cache forces every request to go through the whole ARP process again.
How to clear ARP cache on Linux?
To look at ARP cache entries, use the arp command-line utility in Linux. Run the following command to list all entries:
Observe that there are three ARP cache entries in the cache table. We will flush the ARP cache table next.
There are two main methods for clearing the ARP cache on a Linux machine.
- using arp command
- using ip command
Both command utilities are available in most of Linux distributions like Kali linux, Ubuntu, Arch Linux, CentOS, Debian, Fedora, RHEL, etc.
Clearing cache with arp command
arp is a command-line utility in Linux for managing the system's ARP cache. It lets users clear specific cache entries; you choose which entries should be flushed.
Just use the -d option to flush the entries shown:
To confirm which entries were deleted, run the following command:
Observe that the cache entry for 192.168.1.240 is cleared, which means the ARP entry will be refreshed whenever it is needed.
Issue: sometimes when arp -d is used to remove a cache entry, it leaves the table with an entry whose HWaddress is marked as (incomplete), and the entry still remains. So how do you completely remove the ARP entry from the table, or empty the table?
We can use the ip command utility for this. See the next section, "Clearing cache with ip command (Fully flush arp cache)".
Clearing cache with ip command (Fully flush arp cache)
Clearing the ARP cache with the ip command is the preferred way on Linux, as it clears the full ARP cache in one go. The ip command is built in on newer Linux distributions.
Use the following command to clear the full ARP cache with the ip utility:
The first -s provides extra verbose output.
The second -s selects the neighbor table. The neighbor table in the ip command covers both the ARP and NDISC caches.
The command fully flushes the ARP cache from the system in one go.
To confirm it, just run the following command:
How to clear ARP cache in Windows?
Clearing the ARP cache in Windows is a super easy task. We will use the command prompt to clear or flush the ARP cache from the Windows system. This method applies to any Windows version such as Windows 7, Windows 8, Windows 10, etc.
The requirement is that you run the command prompt (cmd) as administrator. If you are on an administrator account, you can run cmd directly; otherwise, start cmd as administrator so that the NetShell (netsh) command will work.
To view the Windows ARP cache, just run arp -a in the command prompt.
To flush the ARP cache, run the following netsh command:
After clearing the ARP cache, confirm it by rerunning arp -a.
Observe the message "No ARP Entries Found.", which means the Windows ARP cache has been cleared or flushed.
We can also use arp -d to clear a specific ARP cache entry in Windows.
How to clear ARP Cache in macOS or OS X
To clear or flush the ARP cache in macOS, follow these steps:
- Open your terminal app.
- Enter this command to view the current ARP cache on the system.
- Now use the following command to clear or flush the whole ARP cache on the macOS system.