
Excessive ARP entries due to static routes

ittechk4u1
Level 4

Hello Experts,

 

Earlier I used a static route with a next hop as outbound interface and it created a massive issue.

 

Now I changed the next hop to an IP but I still see lots of ARP entries... How can I reduce it so that I will impact my HQ switch/router:

 

Layout:

 

WANSW1(10.247.27.254) ------------------------------------------------Core SW(Remote Location - 10.247.27.1)

                                                                         (Dark Fiber)

 

WAN SW1 route:

no ip route 10.27.0.0 255.255.0.0 Vlan247 name DARKFIBRE track 247
ip route 10.27.0.0 255.255.0.0 10.247.27.1 name DARKFIBRE track 247

 

Core SW_Remote Route

 

ip route 0.0.0.0 0.0.0.0 10.247.27.254 name DARKFIBRE track 247

 

Here are the details about route and ARP:

 

WANSW1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 10.27.1.100 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.7.1 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
skip(250 entries)
.
.
Internet 10.27.7.254 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.21.10 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
skip (more than 20 entries)
.
.
Internet 10.27.21.254 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.22.10 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
skip (more than 100 entries)
.
.
Internet 10.27.22.254 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.23.10 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
skip (more than 80 entries)
.
.
Internet 10.27.23.150 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
.
Internet 10.27.32.6 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
.
.
Internet 10.27.70.12 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
.
.
Internet 10.27.80.1 15 10b3.d5a1.5d72 ARPA Vlan247
.
.
.

 

 

and there are many for each vlan....we have more than 20 vlans and every vlan has 100 entries....

 

How can I solve the issue!!

 

 

 

 

12 Replies

rishrapsody1
Level 1
Can you try flushing old ARP entries on WAN device?

I tried the command clear arp-cache interface vlan 247 but there are still ARP entries there.

 

Thanks

Cristian Matei
VIP Alumni

Hi,

 

    Check to ensure that you have no routes left without a next-hop configured, clear the ARP table, and look again; it should be fixed.

 

Regards,

Cristian Matei.

Yes, there is only one static route and a next hop with an IP is configured.

Also cleared arp-cache, still same issue...

Would you post the configuration of interface vlan 247?

HTH

Rick

Richard Burts
Hall of Fame

It is the behavior of IOS that when a static route specifies an outbound interface which is Ethernet and does not specify a next hop that IOS treats all destination addresses reached through that interface as locally connected and will arp for every one of those destinations. So that was your original issue. Changing the static route to specify the next hop should have fixed that. We do not have enough information to know why it seems to not have fixed the issue. Can you provide some additional information to help us understand the issue? What model are these switches/routers? Also at a minimum I would like to see the output of show run | include route. Seeing the complete config would be better. 

 

I do not understand the logic for which arp entries you show us and which entries you skipped. Can you clarify?

 

I note that your static route now uses the next hop of 10.247.27.1. I looked for that address in your arp output but did not find it. Is it really not in the arp table? Or is that one of the entries that you skipped?

 

I am a bit puzzled at the logic of the static route for 10.247.0.0 255.255.0.0 with a next hop that is in that subnet. It appears to be a static route for a connected subnet. Is that the case? If 10.247.0.0 is a connected subnet then all the arp entries that you show us that are in 10.247.0.0 are legitimate arp entries. Perhaps we need to look at the logic for configuring a vlan that could have 65,000 addresses in it (which means that there could be 65,000 arp entries that are legitimate).

HTH

Rick

More info about ARP on WANSW:

 

WANSW and CORE SW remote are directly connected.

 

I have already mentioned about static routes......

 

WANSW1#sh ip arp vlan 247
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.27.23.52 3 10b3.d5a1.5d72 ARPA Vlan247
skip
Internet 10.27.92.127 3 10b3.d5a1.5d72 ARPA Vlan247
--More--

 

Thanks

Hi,

 

    Use "clear arp-cache" and "clear adjacency"; if still not fixed, I would reboot the switch.

 

Regards,

Cristian Matei.

I will reboot the switch by end of this month and let you know.

 

Thanks again

Do you have ip proxy-arp configured?

Hi,

 

    "proxy-arp" enabled on the switch would cause the other side to end up with many ARP entries. I would reboot the switch sooner rather than later; the ARP memory size in TCAM is platform dependent, and if you exceed it, you're busted, switch may crash, ARP may fail, so not good at all (it's up to whatever the exception will cause the switch to do).

 

Regards,

Cristian Matei.

Richard Burts
Hall of Fame

I really would like to see the configuration of interface vlan 247 and to see if it is indeed defining a mask of 255.255.0.0. If so that could be a lot of hosts responding to arp.

 

But I have looked through the discussion again and have 2 additional things to address. In looking at the arp entries I note that all of them seem to relate to the same mac address 10b3.d5a1.5d72. Can we find out what device has that mac address? I am wondering whether this might be the mac of the core switch?

 

Also I am thinking about this statement

and there are many for each vlan....we have more than 20 vlans and every vlan have 100 entries

If there are multiple vlans with this symptom then I believe that we may need to see the complete configuration rather than just an interface configuration.

HTH

Rick
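
An added example, not code from any poster in this thread: it parses `show ip arp` output in the format posted above and reports, per interface and MAC address, the ARP entries that fall outside the interface's connected prefix. That is the symptom described in the replies (a static route pointing at an Ethernet interface, or a neighbour answering by proxy ARP), and the on-subnet address sharing that MAC identifies the answering device. The 10.247.27.0/24 prefix for Vlan247, the sample rows and the MAC 0000.5e00.5301 are constructed assumptions; the thread never shows the interface configuration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed rows in the `show ip arp` format quoted in the thread.
# Assumption: 10.247.27.1 resolves to the MAC seen on the off-subnet entries.
SAMPLE = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.247.27.1 3 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.247.27.254 - 0000.5e00.5301 ARPA Vlan247
Internet 10.27.1.100 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.7.1 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.21.10 15 10b3.d5a1.5d72 ARPA Vlan247
Internet 10.27.22.10 0 Incomplete ARPA
"""

# Assumed connected prefix of the SVI (not shown anywhere in the thread).
CONNECTED = {"Vlan247": ipaddress.ip_network("10.247.27.0/24")}

ROW = re.compile(
    r"^Internet\s+(\d+(?:\.\d+){3})\s+\S+\s+"
    r"([0-9a-f]{4}(?:\.[0-9a-f]{4}){2})\s+ARPA\s+(\S+)$", re.I)

def parse_arp(text):
    """Return (ip, mac, interface) per resolved row; header and Incomplete rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append((ipaddress.ip_address(m.group(1)), m.group(2).lower(), m.group(3)))
    return entries

def off_subnet_report(entries, connected):
    """Per (interface, MAC): addresses inside ('on') and outside ('off') the connected prefix.
    Only groups with at least one off-subnet address are returned."""
    groups = defaultdict(lambda: {"on": [], "off": []})
    for ip, mac, iface in entries:
        net = connected.get(iface)
        if net is None:
            continue  # prefix unknown for this interface, cannot classify
        groups[(iface, mac)]["on" if ip in net else "off"].append(str(ip))
    return {key: val for key, val in groups.items() if val["off"]}

if __name__ == "__main__":
    for (iface, mac), val in off_subnet_report(parse_arp(SAMPLE), CONNECTED).items():
        print(f"{iface} {mac}: {len(val['off'])} off-subnet entries, "
              f"on-subnet address(es) with same MAC: {val['on'] or 'none'}")
```
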