vlan and arp cache

Discussion in 'Cisco' started by Gabriele Guasco, Jun 24, 2009.

  1. Hi,
    I have a problem very similar to the one described on "problem with
    vlan + arp" posted on this newsgroup on Sept , 2009 but I can't
    understand the answer so I kindly ask your help:
    let's consider the scenario described in that post: if the arp timeout
    in the router is lower than the mac address timeout in the mac
    forwarding table in the switch there should be no problem because the
    router will arp the dest_IP_addr and the switch will just refresh the
    mac forw table when the destination host will reply to the arp,
    But (here is what I probably didn't undestand) in my opinion if the
    arp timeout in the router is higher than the mac addr timeout in the
    switch, the router will send a unicast frame (bacause he know the
    correct dest_mac_adress) and the switch will forward that frame on
    every port exept the source port of the frame (as far as I know the
    switches do this when they don-t know where a mac address is), if this
    is correct there should be no ping timeout neither is the first nor in
    the second scenario; so i can't imagine a scenario in wich this
    "timeout mismatch" could be a problem....but in my networdk I have the
    same problem and I solve it clearing the arp-cache on the router :).
    Would someone please clarify me when the timeout mismatch can cause a
    problem? Thank you very much for reading.
    Gabriele Guasco, Jun 24, 2009
    1. Advertisements

  2. Welcome, time traveler! Since we are just finishing living June, 2009,
    could you be so kind to post the original problem? Otherwise we will
    have to wait until September before being able to answer your question.

    Andrey Tarasov, Jun 24, 2009
    1. Advertisements

  3. Gabriele Guasco

    Trendkill Guest

    What is the problem occuring on? You losing pings, or complete
    traffic to a particular IP? Anything unique on the boxes being
    impacted, i.e. load balancing, multicast, etc? Short answer is,
    perhaps there is load balancing and one of your boxes is having a
    problem. and clearing arp is the only thing that is forcing the usage
    of the other box in the cluster (which would have a different mac). I
    agree with your overall assessment of how things should work, but I
    would not be convinced that you have something in the mix that is
    making it behave differently. Here is a good link from cisco in the

    Trendkill, Jun 24, 2009
  4. Gabriele Guasco

    John Agosta Guest

    That's pretty funny, Andrey !
    John Agosta, Jun 24, 2009
  5. Gabriele Guasco

    Thrill5 Guest

    This problem usually happens when you are running HSRP. You are running
    HSRP on Routers A and B for multiple VLANs. Router A is the default
    gateway for the client, so A will receive traffic from the client. Each
    time a packet is received from client, the CAM table is updated. If Router
    B is the default gateway for the server (or the next hop router to the VLAN
    the client is on), then B will always receive traffic for the replies to the
    client.. Now on router B, if the client's MAC address is not in the ARP
    table, B will ARP the client. When the client responds, both the ARP and
    the CAM table are updated. After the CAM table times out, the ARP entry is
    still there so B will know the MAC of the client, but the MAC will not exist
    in the CAM table. Router B will then flood the packet because at layer 2,
    this is an unknown MAC address.

    The reason setting the ARP cache timeout and the CAM timeout to the same
    value fixes this problem is because when CAM table entry expires, so does
    the ARP entry. The router will then ARP the client and both tables get
    refreshed. The key to this problem is that both the ARP and CAM table
    timeout values are reset only when a packet is received from the client, not
    when one is sent to it.

    It is a Cisco recommended practice to always set the ARP and CAM timeouts to
    the same value when running HSRP in order to prevent this problem. There
    is debate as to weather you should lower the ARP timeout or raise the CAM
    timeout. I always lower the ARP timeout to match the CAM timeout, which is
    300 seconds.
    Thrill5, Jun 25, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.