So I'm looking at the policies, recommended configurations, etc. of other IXes. We try to model a lot of ourselves on what the Europeans do (even if we come up short in some areas). I was reading through the AMS-IX guide.
https://ams-ix.net/technical/specifications-descriptions/config-guide#3.1
They recommend a four hour ARP timeout. Thoughts? Seems a bit excessive, but I don't have over 700 networks on my IX. That said, I don't have over 700 members on my IX generating a ton of ARP traffic, so I'm probably fine recommending a smaller value.
I understand it's a balance between stale records and ARP volume. Just trying to gauge what the community thinks.
-----
Mike Hammett
Intelligent Computing Solutions http://www.ics-il.com
Midwest-IX http://www.midwest-ix.com
> So I'm looking at the policies, recommended configurations, etc. of other IXes. We try to model a lot of ourselves on what the Europeans do (even if we come up short in some areas). I was reading through the AMS-IX guide.
> https://ams-ix.net/technical/specifications-descriptions/config-guide#3.1
> They recommend a four hour ARP timeout. Thoughts? Seems a bit excessive, but I don't have over 700 networks on my IX. That said, I don't have over 700 members on my IX generating a ton of ARP traffic, so I'm probably fine recommending a smaller value.
As far as I know 4 hours has been the Cisco IOS default for many years. So you'll find millions of routers around the world with that value. I agree that it may be excessive in some situations.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
How often does your peering router change IP address? For the majority of people I would expect the answer to be almost never/very rarely.
James.
Unless your IX has an unusual amount of churn, a four hour timeout really shouldn’t be a problem. Stale records really shouldn’t be a problem as they should get overwritten with gratuitous ARPs when needed. OTOH, having the ARP be somewhat sticky can not only reduce broadcast traffic, but also preserve visibility of what was when trying to troubleshoot.
I’m trying to think of a downside to a 400 second ARP timeout for an XP and I guess I’m short of creativity at the moment because I’m coming up blank.
Owen
On Jan 27, 2016, at 19:02 , Mike Hammett <nanog@ics-il.net> wrote:
> So I'm looking at the policies, recommended configurations, etc. of other IXes. We try to model a lot of ourselves on what the Europeans do (even if we come up short in some areas). I was reading through the AMS-IX guide.
> https://ams-ix.net/technical/specifications-descriptions/config-guide#3.1
> They recommend a four hour ARP timeout. Thoughts? Seems a bit excessive, but I don't have over 700 networks on my IX. That said, I don't have over 700 members on my IX generating a ton of ARP traffic, so I'm probably fine recommending a smaller value.
> I understand it's a balance between stale records and ARP volume. Just trying to gauge what the community thinks.
> ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
> Midwest-IX http://www.midwest-ix.com
Hey,
> So I'm looking at the policies, recommended configurations, etc. of other IXes. We try to model a lot of ourselves on what the Europeans do (even if we come up short in some areas). I was reading through the AMS-IX guide.
> https://ams-ix.net/technical/specifications-descriptions/config-guide#3.1
> They recommend a four hour ARP timeout. Thoughts? Seems a bit excessive, but I don't have over 700 networks on my IX. That said, I don't have over 700 members on my IX generating a ton of ARP traffic, so I'm probably fine recommending a smaller value.
> I understand it's a balance between stale records and ARP volume. Just trying to gauge what the community thinks.
I don't think it matters much and at any rate you can't enforce it. Something more relevant is that MAC timeout is greater than ARP timeout. And on an IXP even this is not very important, provided no one is static routing.
On environments I do control, I tend to configure ARP timeout under 300s, as usually MAC timeouts are 300s. By default Cisco is 4h, JunOS is 20min, Linux is 60s.
--
++ytti
participants (5)
- James Bensley
- Mike Hammett
- Owen DeLong
- Saku Ytti
- sthaug@nethelp.no