Provider standard ARP Timeout?

Fri Aug 10 21:14:24 UTC 2012

--- On Fri, 8/10/12, Blake Hudson <blake at ispn.net> wrote:

> From: Blake Hudson <blake at ispn.net>
> Subject: Re: Provider standard ARP Timeout?
> To: nanog at nanog.org
> Date: Friday, August 10, 2012, 1:03 PM
> Saku Ytti wrote the following on
> 8/10/2012 10:27 AM:
> > On (2012-08-10 10:23 -0400), Jay Nakamura wrote:
> > 
> >> Cisco default ARP timeout is 4 hours.  Do
> anyone change that to
> >> something shorter in a provider environment for
> customer with Ethernet
> >> connectivity?  What is a good value to set it
> to?
> > Maximum value should be your L2 MAC timeout. Most other
> vendors use low
> > limits these days (linux, junos come to mind).
> > So 300s max really.
> > 
> > If ARP timeout is higher than L2 MAC timeout you can
> cause loops in
> > otherwise correctly configured network.
> > 
> 
> I haven't seen loops, but have seen unicast floods when the
> MAC address times out for a host that receives data, but
> does not transmit it (hence the switch often forgets the MAC
> for the device). On Cisco gear I found it simpler to
> increase the mac address timeout to match the ARP timeout
> because the MAC timeout is a global command and the ARP
> timeout was a per interface command. IIRC, Cisco recommends
> the two match under certain setups - VRRP/HSRP comes to
> mind. I would think that a matched setup would always be
> ideal, with shorter timeouts for networks that encounter
> more instability or user movement.
> 
> --Blake
> 

IMO, it is a balancing-act(topology/traffic dependant) arp-broadcasts v/s unknown-unicast-floods.

In some cases I have lowered arp-timeout to match mac-ageing (8mins with dfc, and default 5 for non-dfc - cisco speak) In other cases, increasing mac-ageing to match arp-ageing - 4 hrs.
./Randy