ARP cache timeout on Cisco routers

Answered Question
Feb 13th, 2012

Hello,

I was reading a book on Cisco routers in which the author says: "The router resets the ARP age counter to zero whenever it sees valid traffic from the corresponding device. This ensures that the addresses of active devices are never flushed out of the cache, no matter how long they have been known."

I am really surprised about that because I have always thought that the ARP age counter was an absolute counter and not relative to the last time a packet was seen coming from the corresponding IP. After reading this, I made some tests which tend to confirm that the ARP age counter is absolute and does not care whether we have active traffic from the corresponding IP or not.

QUESTION 1: can somebody confirm this please?

I am unable to find clear assertions in Cisco documentation.

QUESTION 2: when does the router send a new ARP request?

For example, when the ARP timeout is 4 hours or 240 minutes (Cisco default value), the router sends an ARP request when reaching 239 minutes (1 minute before the expiration time). Is this value a fixed one (we send an ARP request 1 minute before aging) or is it a relative value (x % of the timeout value)?

Thanks for your help.

MATTHIAS SCHAERER Mon, 02/13/2012 - 02:24

It is as you read in the book: the ARP counter is reset to 0 when traffic is seen from/to the device. The new ARP request would be sent after 4 hours (240 minutes) or after a 'clear arp' command.

Richard Burts Mon, 02/13/2012 - 05:06

I believe that Sam may be referring to a section in the IOS Cookbook which does say that the router resets the ARP timer when it sees traffic from a host. I do not agree with Matthias that this is correct. My experience with Cisco routers is that the ARP timer counts down even if it is receiving traffic from a host.

I know that Cisco routers will send an ARP request for an entry in the ARP table before that entry actually expires. I do not have anything right now that tells us how that interval is determined (fixed value or percentage). And I do not know of any command that would allow us to change the interval.

HTH

Rick

dpavun Thu, 05/14/2015 - 22:42

Hi Richard,

Why should the router send a unicast ARP request before the entry is going to expire? If it sends one, it will definitely get the reply unless the destination device is down. So, irrespective of traffic from that destination, the ARP entry for that destination will remain in the ARP cache. If there is any specific reason, please help me to understand this. Also, is there any Cisco document reference now which describes this ARP request time interval before the entry actually expires?

Thanks,

Dhamodiran

Richard Burts Fri, 05/15/2015 - 06:19

Dhamodiran

I am not clear what you are asking. Are you asking why Cisco would send an ARP request before the expiration of the existing ARP entry, or are you asking why Cisco sends it as unicast?

From the context of the question it seems that perhaps you are asking why Cisco would send the request before the ARP entry expires. The most important reason can be understood if you think about what would happen if Cisco did not send the request before the entry expires. When the existing ARP entry expires the Cisco would wait for the next packet that it needs to forward to that host. When that packet arrives Cisco discovers that it does not have an ARP entry so it sends an ARP request. And it drops the packet that it would have forwarded. So it would have a negative impact on network availability if Cisco lets the existing entry expire and waits for the next packet before it sends the ARP request.

Sending the ARP request allows Cisco to verify that the host is still active in the network and to maintain consistent forwarding of traffic to the host. And sending the request as unicast allows Cisco to check on the host without impacting all other hosts in that subnet.

HTH

Rick

Sam Preston Mon, 02/13/2012 - 06:42

I agree with Richard when he says "I do not agree with Matthias that this is correct".

I confirm that this sentence comes from the "Cisco cookbook" and my own experience also proves that this is untrue. So I don't understand why the author stated that so clearly in the aforementioned book...

I don't understand either why Cisco does not clearly indicate in its operating documentation how the ARP aging timer works on its routers. If an ARP request is issued a short time before the timer ages, why can't they write this down in the documentation? This is an important point and a few more words just to explain that wouldn't cost a lot...

Correct Answer
Richard Burts Mon, 02/13/2012 - 10:35

Sam

I have some additional information that might help. I found a posting from a senior Cisco engineer that gives some information about the behavior of ARP in Cisco IOS. He says clearly (and has an example) that if Cisco receives an ARP request from a host it will use that request to refresh the ARP entry and reset the timer for that entry without doing its own ARP request. This may be the behavior that they were trying to talk about in the IOS Cookbook.

He also talks about doing a unicast ARP request 60 seconds before the entry expires so that the entry can be updated. He does not say specifically but I believe that this interval is fixed.

Here is the link if you want to see the details:

http://puck.nether.net/pipermail/cisco-nsp/2005-February/017400.html

As for the error in the book, I have worked as a reviewer on a couple of books and can tell you that the authors and the reviewers work hard to get things right. But sometimes errors are not caught and appear in the publication. With the amount of detail covered in the book a few mistakes are bound to creep through.

HTH

Rick

Sam Preston Mon, 02/13/2012 - 12:48

Thanks Richard for this very good answer.

For sure the book I mentioned did not explain the behavior well...

When they say "The router resets the ARP age counter to zero whenever it sees valid traffic from the corresponding device.", they should have said instead "The router resets the ARP age counter to zero whenever it sees ARP requests from the corresponding device".

This is absolutely different, and it is important to notice the difference.

It is also important to know that the router refreshes its ARP cache 60 seconds before the entry expires.

Thanks a lot!
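
The aging rules this thread converges on (ordinary traffic does not reset the age, an ARP packet from the host does, and a unicast ARP request goes out 60 seconds before expiry), as an added Python model that is not part of the original posts and is not Cisco code. The class and function names and the sample host are constructed for illustration, and the fixed 60-second lead is the thread's belief rather than a documented value.

```python
ARP_TIMEOUT = 240 * 60   # seconds: the 240-minute default quoted in the thread
REFRESH_LEAD = 60        # seconds before expiry; the thread believes this is fixed

class ArpCacheModel:
    def __init__(self, timeout=ARP_TIMEOUT, lead=REFRESH_LEAD):
        self.timeout, self.lead = timeout, lead
        self.entries = {}   # ip -> {"mac", "learned", "probed"}
        self.events = []    # (time, ip, what happened)

    def arp_from_host(self, now, ip, mac):
        """ARP request or reply received from the host: age goes back to 0."""
        self.entries[ip] = {"mac": mac, "learned": now, "probed": False}
        self.events.append((now, ip, "learned"))

    def data_from_host(self, now, ip):
        """Ordinary IP traffic: the age counter is left alone. Returns the age."""
        return self.age(now, ip)

    def age(self, now, ip):
        entry = self.entries.get(ip)
        return None if entry is None else now - entry["learned"]

    def tick(self, now, host_replies):
        """Run the timers at `now`; host_replies(ip) tells if a probe is answered."""
        for ip, entry in list(self.entries.items()):
            age = now - entry["learned"]
            if age >= self.timeout:
                del self.entries[ip]
                self.events.append((now, ip, "expired"))
            elif age >= self.timeout - self.lead and not entry["probed"]:
                entry["probed"] = True
                self.events.append((now, ip, "unicast-probe"))
                if host_replies(ip):
                    self.arp_from_host(now, ip, entry["mac"])

def run(duration, alive_until, traffic_every=30):
    """Constructed scenario: one host sends data every `traffic_every` seconds
    and answers ARP until `alive_until`. Returns the event list."""
    cache = ArpCacheModel()
    ip, mac = "192.0.2.10", "0000.5e00.5301"   # documentation-range sample values
    cache.arp_from_host(0, ip, mac)
    for now in range(1, duration + 1):
        if now < alive_until and now % traffic_every == 0:
            cache.data_from_host(now, ip)
        cache.tick(now, lambda _ip: now < alive_until)
    return cache.events
```

Calling `run(duration=9 * 3600, alive_until=5 * 3600)` shows the entry surviving the first timeout only because the probe at 239 minutes is answered, then expiring one minute after the first unanswered probe.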

