ARP Pending Entries queue being maxed out on X450

  • Problem
  • Updated 4 years ago
Hello all

We have a client with a two-unit X450 stack with about 400 layer 3 VLAN interfaces and we are finding that the ARP Pending Entries queue increases to whatever the upper limit is set to. We are also seeing that an apparently random selection of hosts connected to the switches occasionally becomes unreachable, which would make sense given that the switch is unable to resolve ARP for them.

This started being noticeable at around 350 layer 3 VLANs but increasing the Pending Entries limit seemed to keep it in check for a while, although I guess that might have just lowered the number of complaints. Whatever limit is set, though, seems to always be reached in a few days.

Does anyone know if there is some known limitation with the X450 or XOS 12.4.1.7 that can cause this behaviour? Can the issue perhaps be resolved by using a different firmware version?  If so, what is recommended for the X450?

Any other ideas for mitigating this problem?

The output of 'show iparp' gives the following statistics:
==========================================================
Dynamic Entries : 347          Static Entries : 0
Pending Entries : 2048
In Request : 34990997          In Response : 590791
Out Request : 31413049         Out Response : 20684269
Failed Requests : 5137454
Proxy Answered : 2583974
Rx Error : 4                   Dup IP Addr : a.b.c.177
Rejected Count : 485915        Rejected IP : 169.254.135.15
Rejected Port : 1:21           Rejected IF : CLIENT134

Max ARP entries : 8192         Max ARP pending entries : 2048
ARP address check: Enabled     ARP refresh : Enabled
Timeout : 20 minutes           ARP Sender-Mac Learning : Disabled
==========================================================

Regards
Warwick

Warwick Duncan

Posted 4 years ago


Stephane Grosjean

Hi,

What x450 is this? x450, x450e or x450a?
Considering the entries you have, I only see an x450e that could have an issue.

Regards,
Stephane

Warwick Duncan

Hi Stephane

It's the original x450, i.e. not a or e.

There are a couple of things to add that might be useful.  The switch stack has ~300 directly connected /24 networks which are mostly empty of hosts.  Someone doing a scan of all that IP space would lead to lots of unanswered ARP queries filling up the Pending queue, but we haven't been able to find any evidence of such scanning.

No matter how high the 'Max ARP pending entries' limit is raised, that limit is reached in a day or two.  It looks a bit like some kind of memory leak or maybe the queue not being properly pruned but I can't find any indication that XOS 12.4.1.7 has a bug of that nature.

The best idea we've had so far is to raise the ARP timeout and hope for the best, which isn't ideal.

Regards
Warwick
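
Added example (not part of the thread and not Extreme Networks code): a Python parser for the 'show iparp' statistics block quoted in the first post, deriving the ratios that bear on the unanswered-ARP hypothesis discussed above. It assumes 'In Response' counts replies to the switch's own 'Out Request' messages; the function names and the 0.9 fill threshold are hypothetical.

```python
import re

# Counters copied from the 'show iparp' output quoted in the first post.
SAMPLE = """\
Dynamic Entries : 347          Static Entries : 0
Pending Entries : 2048
In Request : 34990997          In Response : 590791
Out Request : 31413049         Out Response : 20684269
Failed Requests : 5137454
Proxy Answered : 2583974
Rx Error : 4                   Dup IP Addr : a.b.c.177
Rejected Count : 485915        Rejected IP : 169.254.135.15
Rejected Port : 1:21           Rejected IF : CLIENT134

Max ARP entries : 8192         Max ARP pending entries : 2048
ARP address check: Enabled     ARP refresh : Enabled
Timeout : 20 minutes           ARP Sender-Mac Learning : Disabled
"""

def parse_iparp(text):
    """Return {label: value} from the two-column 'label : value' layout."""
    stats = {}
    for line in text.splitlines():
        # Columns are separated by runs of two or more spaces.
        for cell in re.split(r"\s{2,}", line.strip()):
            # Split at the first colon only, so a value like '1:21' survives.
            label, sep, value = cell.partition(":")
            if sep and label.strip() and value.strip():
                stats[label.strip()] = value.strip()
    return stats

def assess(stats, warn_fill=0.9):
    """Derive ratios for the unanswered-ARP hypothesis (warn_fill is assumed)."""
    n = lambda key: int(stats[key])
    pending, limit = n("Pending Entries"), n("Max ARP pending entries")
    out_req = n("Out Request")
    return {
        "pending_fill": pending / limit,
        "pending_saturated": pending >= warn_fill * limit,
        # Assumption: 'In Response' counts replies to the switch's own requests.
        "answered_ratio": n("In Response") / out_req,
        "failed_ratio": n("Failed Requests") / out_req,
        # Unresolved targets per resolved neighbour.
        "pending_per_dynamic": pending / max(n("Dynamic Entries"), 1),
    }

if __name__ == "__main__":
    for name, value in assess(parse_iparp(SAMPLE)).items():
        print(f"{name}: {value}")
```

Under the stated assumption, a low answered_ratio alongside a saturated pending queue is consistent with the switch sending ARP requests for addresses that have no host, which is what traffic aimed at the mostly empty /24 networks would produce.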