Arp timeout < Mac-aging timeout

Umesh Shetty
Level 1

I've recently read in Cisco documents that the arp timeout should be configured less than the mac-aging timer. I've tried to apply some thought to it and this is what I could muster up.

Consider a connection like this

Router --- L2 Switch ---- PC's

Scenario 1 : Arp timeout < Mac-aging timer

Routers/PC's have the arp entry for all other connected PC's on the L2 switch. ARP timeout on the L3 device is set to 900 secs ( 15 mins) and that on the L2 switch is 1200 secs (20 mins).

Suppose the router has learnt the mac of a connected PC via the arp process, and at 900 secs when the arp timer expires and a new packet arrives for the IP of the PC, the Router once again initiates arp with the destination mac address as the broadcast address for that subnet.

Although the switch knows where the actual mac is, seeing the broadcast mac it forwards the frame out all interfaces in that vlan, and the PC whose IP it is responds to the arp request.

Scenario 2 : Arp timeout > Mac-aging timer

Consider a situation where the ARP timeout on the L3 device is set to 1200 secs ( 20 mins) and that on the L2 switch is 900 secs (15 mins).

900 secs after learning a MAC the L2 switch loses its mac entry because of the mac-aging timer. The L3 device (router) however still has the arp entry for the IP and forwards a frame to the destination mac of the PC.

The switch since it does not have any entry for the destination mac has to broadcast the packet out of all ports (unicast flooding).

In both these scenarios the Switch has to broadcast the frame out all ports when one of the two timers expires. The only difference that I feel could be the reason behind having the arp timer configured less than the mac-aging timer is that in Scenario 1 the switch has to just forward the frame out all ports because of the broadcast address in the frame, without having to take a decision of its own.

In Scenario 2 it has to first search for the destination unicast mac in its own table and then, because it's not available, it has to broadcast it (the actual data packets forwarded by the router, not the arp requests) out of all ports. The switch needs to work twice rather than just forward a frame.

I would need suggestions from anyone who could help me here to understand if my understanding here is correct and if there's anything that could be added.

Regards

Umesh

2 Replies

Hello, Umesh.

Imagine the scenario:

[Image: 123.gif]

R1 - router; S1/S2 - L3 switches servicing User2s VLAN (HSRP let's say); S3 - simple L2 switch.

Routing is in the following state:

User1 ->User2 going via: R1 -> S1 (active HSRP) -> S3 -> User2;

User2 -> User1 via: S3->S2->R1-User1.

And the max-age timer expires before arp.

In this case S2 is safe, as User2's traffic is flowing via S2 and the CAM table autoupdates with each packet.

But S1, even if it ages out User2's MAC from CAM, keeps the IP and MAC in its ARP cache.

So, any packet from User1 to User2 (that came to S1) will be flooded over all the ports of that same VLAN on S1!

A more typical issue (scenario) is when R1 has equal-cost routes to User1 over both S1 and S2.

Hope this will help.

PS: a loop-free U design doesn't suffer from the issue, as each switch (S1 and S2) has only 1 port assigned to the particular VLAN.
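To make the two posts above concrete, here is an added simulation (not from the thread or from Cisco) of the asymmetric case Mikhail describes: User1 -> User2 frames enter S1, but User2's replies return via S2, so only S1's own ARP exchange can refresh its CAM entry for User2. The MAC/IP values, a 60-second packet interval and a one-hour window are constructed assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
S1_MAC, USER2_IP, USER2_MAC = "02:00:00:00:00:01", "10.0.0.2", "02:00:00:00:00:02"  # constructed

class Switch:
    """L2 forwarding: CAM entry = (port, last_seen); expired once age >= mac_aging."""
    def __init__(self, ports, mac_aging):
        self.ports, self.mac_aging, self.cam = ports, mac_aging, {}

    def forward(self, src_mac, dst_mac, in_port, now):
        self.cam[src_mac] = (in_port, now)  # learn/refresh the source address
        entry = self.cam.get(dst_mac)
        if dst_mac == BROADCAST or entry is None or now - entry[1] >= self.mac_aging:
            return [p for p in self.ports if p != in_port]  # flood the whole VLAN
        return [entry[0]]

class ArpCache:
    """L3 side of S1: ip -> (mac, learned_at); valid while age < arp_timeout."""
    def __init__(self, arp_timeout):
        self.arp_timeout, self.arp = arp_timeout, {}

    def resolve(self, ip, now):
        mac, learned = self.arp.get(ip, (None, None))
        return mac if mac and now - learned < self.arp_timeout else None

def simulate(arp_timeout, mac_aging, duration=3600, interval=60):
    """User1 -> User2 frames arrive on S1's uplink every `interval` seconds; return
    traffic bypasses S1 (goes via S2). Returns (arp_requests_sent, unicast_floods)."""
    arp = ArpCache(arp_timeout)
    cam = Switch(["uplink", "p1", "p2", "p3"], mac_aging)
    arp_requests = floods = 0
    for now in range(0, duration, interval):
        mac = arp.resolve(USER2_IP, now)
        if mac is None:
            arp_requests += 1  # ARP request goes out as a broadcast by design
            # User2's ARP reply comes back to S1 on p2, refreshing both ARP and CAM
            arp.arp[USER2_IP] = (USER2_MAC, now)
            cam.forward(USER2_MAC, S1_MAC, "p2", now)
            mac = USER2_MAC
        if len(cam.forward(S1_MAC, mac, "uplink", now)) > 1:
            floods += 1  # unicast data frame sprayed to every port in the VLAN
    return arp_requests, floods

if __name__ == "__main__":
    print("ARP 900 < aging 1200:", simulate(900, 1200))  # (4, 0)
    print("ARP 1200 > aging 900:", simulate(1200, 900))  # (3, 15)
```

With ARP shorter than MAC aging the periodic ARP reply keeps S1's CAM fresh and no data frame is flooded; with the timers reversed, every User1 -> User2 frame in the window between CAM expiry and ARP expiry is delivered to all ports, which is both the performance problem the original post describes and an exposure of unicast traffic to every host in the VLAN.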

Hi Mikhail,

If I've understood this correctly, the arp timeout should be less than the mac-aging timer in cases where the to and fro traffic is via separate first hop routers. So in this situation, when a packet from User1 to User2 arrives at S1 and S1 has an entry in the arp cache for User1, it sends the frame to User2's destination mac, but since S1 does not have any entry in the cam it needs to broadcast it out all interfaces in that Vlan.

Also, if I am not wrong, in this situation since User2's Default Gateway is S2, all traffic from User2 will be sent to S2 via S1's uplink to S2. S1 never learns the Mac address of User2 (since it never does an arp request and hence User2 never replies explicitly to S2) and hence all packets from S1 will be sent to User2's mac address but will be broadcast as earlier.

By loop free U design you mean the 3 tier architecture with HSRP on the L3 interface on the Core rather than SVI's in your example?

Regards

Umesh
