Extreme Networks

Richard_Wenners · ‎04-18-2017

We had a strange issue yesterday. One of our Summit X480 (with VIM2-10G4X card) didn't learned new ARP entries. When I tried to pinged the IPs (which has not learned) from the X480 I got error message "Packet transmit error" . A few houres earlier a got the following message in the logfile: " IPv4 multicast entry not added. Hardware L3 Table full."

After a reboot, it started to work again.

show iparp
Dynamic Entries : 7655 Static Entries : 0
Pending Entries : 10
In Request : 4631721337 In Response : 175743045
Out Request : 15168044352 Out Response : 4475702318
Failed Requests : 2508625354
Proxy Answered : 4079619495
Rx Error : 243652 Dup IP Addr : 212.37.109.1
Rejected Count : 25638473 Rejected IP : 212.112.190.157
Rejected Port : 25 Rejected I/F : VL_IN_IP-ONLY_M

Max ARP entries : 16384 Max ARP pending entries : 256
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
Locktime : 1000 milliseconds
Retransmit Time : 1000 milliseconds
Reachable Time : 900000 milliseconds (Auto)
Fast Convergence : Off

show iproute reserved-entries statistics
|-----In HW Route Table-----| |--In HW L3 Hash Table--|
# Used Routes # IPv4 Hosts IPv4 IPv4 IPv6 IPv4
Slot Type IPv4 IPv6 Local Remote Local Rem. Local MCast
---- --------------- ------- ------ ------ ------ ----- ----- ----- -----
1 X480-24x(10G4X) 414 0 7654 0 0 0 0 18

Theoretical maximum for each resource type:
X440 32 16 64 64 509 512 256 * 256
E4G-200 12256 6128 8189 12288 8189 8192 4096 * 6000
X460, E4G-400 12256 6128 12288 12288 16381 16384 8192 * 6000
X480(40G4X) 16352 8176 8189 16384 8189 8192 4096 * 4096
X670-48x, X670V-48x 16352 8176 8189 16384 8189 8192 4096 * 4096
X670V-48t 16352 8176 16381 16384 16381 16384 8192 * 6000
X770 16352 8176 16384 16384 131072 49152 49149 *106496
X480 262112 8192 16381 40960 16381 16384 8192 * 6000

What is the L3 host limit on a X480 with VIM2-10G4X card? Is it 8000 or 16000 host entries?

EXOS 15.5.3.4 patch1-5

Richard_Wenners · ‎04-18-2017

We are using the X480 switch to route Internet traffic for our customers (we are a small ISP). So we do not have any multicast needs. But some customer maybe have a misconfigured devices and sending multicast stream to our router (X480). Maybe we shall apply an ACL to block multicast traffic from the customers to protect the HW resources on the X480?

What does "ARP total" means when you this command?

# show iparp stats summary
IP ARP VR Statistics Tue Apr 18 15:44:18 2017
ARP-
ARP Total Dynamic Static Pending Unneeded Failed (Rejected)
===============================================================================
Totals for all VRs
12145 7807 0 255 139 3897236 11871
===============================================================================

Stephane_Grosj1 · ‎04-18-2017

This output is from the software side, not the HW utilization. You need to configure the software side to be greater than your expected usage. To know the HW usage, that's the sh iproute reserved-entries stat command, that you know already.

Erik_Auerswald · ‎04-18-2017

The Total entries counter reflects the total number of entries that are currently allocated and not freed. Hence they also include Failed entries as well as ARP unneeded entries.

Stephane_Grosj1 · ‎04-18-2017

The HW has room for 16K ARP, but it's sharing space with Multicast. Multicast has priority over ARP. So, if you were filling up the HW with Multicast, that could impact ARP.

For ARP, you also have to make sure the iparp cache is large enough (but I saw in your output that it's set to 16K as well, so that's good).

Do you have a lot of multicast, so that it could fill the 6000 entries in HW? As this is a hash table, collision happens way before.

Not sure about the disable igmp snooping.

Extreme Networks

New ARP entries is not learned on X480

New ARP entries is not learned on X480