#8 Limit ARP-requests

3.1-ng
closed
None
2021-01-06
2021-01-03
No

Hello Andrea,

to limit the amount of ARP-requests, please consider the following patch which limits one request to be sent to the same host only every 250 msec.

We had ARP-storms when our Citrix loadbalancer continuously sent Gratuitous ARP requests to all servers to update their ARP cache and ArpON sent back unlimited ARP requests.

RFC 1122 also states under chapter 2.3.2.1 ARP Cache Validation:
"A mechanism to prevent ARP flooding (repeatedly sending an ARP Request for the same IP address, at a high rate) MUST be included. The recommended maximum rate is 1 per second per destination."

Regards
Tobias

1 Attachments
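
A per-destination ARP request limiter of the kind this ticket asks for, as an added example; it is not the attached patch and not ArpON code. The names `rl_table` and `rl_allow`, the table size and the eviction policy are assumptions; pass 250 as `min_ms` for the ticket's interval or 1000 for the RFC 1122 recommendation.

```c
#include <stdint.h>
#include <string.h>

#define RL_SLOTS 256   /* power of two; size is an assumption of this example */
#define RL_PROBE 8     /* linear-probe window searched before evicting */

struct rl_entry { uint32_t ip; uint64_t last_ms; int used; };
struct rl_table { struct rl_entry slot[RL_SLOTS]; };

void rl_init(struct rl_table *t) { memset(t, 0, sizeof(*t)); }

/* Multiplicative hash of the IPv4 address, reduced to 0..255. */
static uint32_t rl_hash(uint32_t ip) { return (ip * 2654435761u) >> 24; }

/*
 * Returns 1 if an ARP request to `ip` may be sent at `now_ms` (monotonic
 * milliseconds) and records the send time; returns 0 if the previous
 * request to the same host was sent less than `min_ms` ago.
 * When the probe window is full, the least recently used entry is evicted,
 * so under table pressure the limiter fails open for the evicted host.
 */
int rl_allow(struct rl_table *t, uint32_t ip, uint64_t now_ms, uint64_t min_ms)
{
    uint32_t h = rl_hash(ip);
    struct rl_entry *victim = NULL;

    for (int i = 0; i < RL_PROBE; i++) {
        struct rl_entry *e = &t->slot[(h + i) & (RL_SLOTS - 1)];
        if (e->used && e->ip == ip) {
            if (now_ms - e->last_ms < min_ms)
                return 0;            /* too soon: suppress this request */
            e->last_ms = now_ms;
            return 1;
        }
        /* Prefer a free slot; otherwise remember the oldest used one. */
        if (!victim ||
            (victim->used && (!e->used || e->last_ms < victim->last_ms)))
            victim = e;
    }
    victim->ip = ip;
    victim->last_ms = now_ms;
    victim->used = 1;
    return 1;
}
```

A suppressed request does not refresh the timestamp, so a host that keeps triggering requests is still probed once per interval rather than never.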

Discussion

  • Andrea Di Pasquale

    Hi Tobias,

    The DARPI implementation is a deterministic finite-state machine (FSM), which means for each state, there is a deterministic number of next finite states.

    Your ARP-storm is related to a misconfiguration of GARP settings on your Citrix LoadBalancer.

    Please, configure an appropriate configuration of GARP settings in order to send Gratuitous ARP with an acceptable time interval.

    Thanks

     
  • Andrea Di Pasquale

    • status: open --> closed
     