Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux ARPD -- neighbor table overflow

From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 18 Mar 2004 21:27:22 -0500 (EST)
On Thu, 18 Mar 2004, Jeff Adam wrote:


I have run into a problem recently with arp table size limitation in the
Linux kernel.



A bit of History

 I have been using the same box as a firewall for past couple of years
and it has performed flawlessly Linux 2.4 / iptables but every couple of
months the number of nodes on the LAN increases by 20 to 60 usually on
the high end of that range we are already beyond 500 computers
approaching 600 with plans to add 40 to 60 additional computers already
being discussed. We have recently developed a problem with neighbor
table overflows on the firewall during peak hours.



I believe I have the problem repaired I recompiled the kernel with arpd
support and netlink and installed arpd and made some changes in /proc

Some other issues developed with arpd that were unexpected


the problem is all of the documentation I found on arpd was rather dated
including one written in 2001 that claimed the package (arpd) was far
beyond abandoned by the upstream maintainer. im sure networks with more
than 256 nodes are not that uncommon. My question is what experiences
have other readers of the list had with this issue and what other
solutions are there besides arpd for this issue.


[I don't know what the binary stuff was at the bottom of your message,
that's what was forcing it to base-64- please fix it before responding.]

Have you seen:

http://www.spinics.net/lists/kernel/msg251771.html

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: