Question

ARP Pending Entries queue being maxed out on X450


Hello all

We have a client with a two unit X450 stack with about 400 layer 3 VLAN interfaces and we are finding that the ARP Pending Entries queue increases to whatever the upper limit is set to. We are also seeing that an apparently random selection of hosts connected to the switches becomes occasionally becomes unreachable, which would make sense given that the switch is unable to resolve ARP for them.

This started being noticable at around 350 layer 3 VLAN but increasing the Pending Entries limit seemed to keep it in check for a while, although I guess that might have just lowered the number of complaints. Whatever limit is set, though, seems to always be reached in a few days

Does anyone know if there is some known limitation with the X450 or XOS 12.4.1.7 that can cause this behaviour? Can the issue perhaps be resolved by using a different firmware version? If so, what is recommended for the X450?

Any other ideas for mitigating this problem?

The output of 'show iparp" gives the following statistics:
==========================================================
Dynamic Entries : 347 Static Entries : 0
Pending Entries : 2048
In Request : 34990997 In Response : 590791
Out Request : 31413049 Out Response : 20684269
Failed Requests : 5137454
Proxy Answered : 2583974
Rx Error : 4 Dup IP Addr : a.b.c.177
Rejected Count : 485915 Rejected IP : 169.254.135.15
Rejected Port : 1:21 Rejected IF : CLIENT134

Max ARP entries : 8192 Max ARP pending entries : 2048
ARP address check: Enabled ARP refresh : Enabled
Timeout : 20 minutes ARP Sender-Mac Learning : Disabled
==========================================================

Regards
Warwick

2 replies

Userlevel 2
Hi,

What x450 is this? x450, x450e or x450a?
Considering the entries you have, I only see a x450e that could have an issue.

Regards,
Stephane
Hi Stephane

It's the original x450, i.e. not a or e.

There are a couple of things to add that might be useful. The switch stack has ~300 directly connected /24 networks which are mostly empty of hosts. Someone doing a scan of all that IP space would lead to lots of unanswered ARP queries filling up the Pending queue, but we haven't been able to find any evidence of such scanning.

No matter how high the 'Max ARP pending entries' limit is raised, that limit is reached in a day or two. It looks a bit like some kind of memory leak or maybe the queue not being properly pruned but I can't find any indication that XOS 12.4.1.7 has a bug of that nature.

The best idea we've had so far is to raise the ARP timeout and hope for the best, which isn't ideal.

Regards
Warwick

Reply