
Recipe 2.2 Managing the Router's ARP Cache

2.2.1 Problem

You want to adjust the ARP table timeout value.

2.2.2 Solution

To modify the ARP timeout value, use the arp timeout configuration command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#arp timeout 600     
Router1(config-if)#end                 
Router1#

2.2.3 Discussion

Every LAN device has an Address Resolution Protocol (ARP) cache. This is a table that the device uses to map Layer 2 MAC addresses to Layer 3 IP addresses. Without this mapping, the device could build its IP packets, but not the Layer 2 frames to carry them.

Devices discover the information in the ARP cache dynamically. If a device needs to send a packet to an IP destination, and it doesn't have a corresponding MAC address, it sends out a broadcast ARP request packet. This packet reaches every device on the LAN segment. The device that "owns" the IP address in question sends back an ARP response packet to complete the process.

Many LAN devices also automatically send a gratuitous ARP packet when they first connect to the network. A gratuitous ARP is a broadcast packet that is effectively an unsolicited ARP response. Every device on the LAN segment will receive this packet so that it can update its ARP cache in case there is ever a need to talk to this new device.

The ARP request and response process obviously takes time to complete, introducing a delay in packet processing. Furthermore, because the ARP request packets are broadcasts, they go to every device on the LAN segment and interrupt whatever that device was doing. If there are too many of these packets on the segment, it can cause traffic congestion and CPU loading on the connected devices.

To keep the ARP traffic down, all IP devices maintain a cache of these ARP entries. Old entries that are no longer valid need to be periodically removed. The router needs to flush out old ARP cache entries faster in environments where devices frequently change their address, such as when there are very short DHCP lease times. In some cases there are so many devices that the ARP cache table becomes unwieldy, taking up too much memory or too much CPU time to support. Maintaining a balance between removing old invalid entries and keeping the amount of ARP traffic down is crucial.

By default, Cisco routers use an ARP cache timeout period of four hours. This means that if the router hasn't sent or received any packets with a particular address for the last four hours, it flushes the ARP entry from its cache. This period usually works well on Ethernet networks. However, there are special situations where you can improve network performance by adjusting this period.

The example in this recipe reduces the ARP timeout period to 600 seconds (10 minutes):

Router1(config-if)#arp timeout 600

Of course, you could just as easily use this command to increase the default ARP timeout period. In general we don't recommend using an ARP timeout period of less than about five minutes because a shorter period tends to cause too much CPU and network loading.

The show ip arp command prints out the current contents of the router's ARP cache:

Router1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.5              8   0001.9670.b780  ARPA   Ethernet0
Internet  172.25.1.7              -   0000.0c92.bc6a  ARPA   Ethernet0
Internet  172.25.1.1              9   0010.4b09.5700  ARPA   Ethernet0
Internet  172.25.1.3              2   0010.4b09.5715  ARPA   Ethernet0
Router1#

This output includes the IP address, age in minutes, MAC address, and the interface information for each ARP entry. The router resets the ARP age counter to zero whenever it sees valid traffic from the corresponding device. This ensures that the addresses of active devices are never flushed out of the cache, no matter how long they have been known.

You can specify a particular IP address with the show ip arp command. This can be useful when you are only interested in particular entries in a large cache table. On a large LAN core router, there could be hundreds or even thousands of ARP entries in the cache, far too many to scan by eye:

Router1#show ip arp 172.25.1.5
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.5              2   0001.9670.b780  ARPA   Ethernet0
Router1#

The same command can also display the ARP information for a particular MAC address:

Router1#show ip arp 0010.4b09.5715
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.3              3   0010.4b09.5715  ARPA   Ethernet0
Router1#

And you can even get a listing of ARP information for a particular router interface:

Router1#show ip arp Ethernet0
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.5              4   0001.9670.b780  ARPA   Ethernet0
Internet  172.25.1.7              -   0000.0c92.bc6a  ARPA   Ethernet0
Internet  172.25.1.1              2   0010.4b09.5700  ARPA   Ethernet0
Internet  172.25.1.3              4   0010.4b09.5715  ARPA   Ethernet0
Router1#

When you are having an ARP problem or there are stale entries that you need to remove immediately, it can be useful to clear the entire cache. To manually clear the router's entire ARP cache, use the clear arp command:

Router1#clear arp
Router1#

Unfortunately, there is no way to remove a single ARP entry. If you need to manually clear an entry, you must erase the entire table. Doing this will cause a brief spike in ARP traffic as the router attempts to rebuild the ARP cache for the active devices, so use this command sparingly.

The show interface command includes information about the ARP timeout setting for a particular interface:

Router1#show interface Ethernet0
Ethernet0 is up, line protocol is up 
  Hardware is Lance, address is 0000.0c92.bc6a (bia 0000.0c92.bc6a)
  Internet address is 172.25.1.7/24
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 00:10:00
  <Removed for brevity>
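
When the table is too large to read by eye, the same output can be checked by script. The following Python example is added here and is not part of the original recipe: it parses the show ip arp table, reads the ARP Timeout field from show interface, lists entries close to being flushed, and compares two snapshots for IP addresses whose MAC address changed. The later snapshot and its MAC address are constructed for illustration, and the function names are this example's own.

```python
import re
# Sample input: the "show ip arp" table and "ARP Timeout" line shown in this recipe.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  172.25.1.5              8   0001.9670.b780  ARPA   Ethernet0
Internet  172.25.1.7              -   0000.0c92.bc6a  ARPA   Ethernet0
Internet  172.25.1.1              9   0010.4b09.5700  ARPA   Ethernet0
Internet  172.25.1.3              2   0010.4b09.5715  ARPA   Ethernet0
"""
SHOW_INTERFACE_LINE = "  ARP type: ARPA, ARP Timeout 00:10:00"
# Constructed later snapshot: 172.25.1.3 now answers with a different (made-up) MAC.
LATER_SNAPSHOT = SHOW_IP_ARP.replace("0010.4b09.5715", "0010.4b09.57aa")

ROW = re.compile(r"^Internet\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\d+|-)\s+"
                 r"((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\S+)\s+(\S+)$", re.I)

def parse_arp(text):
    """Parse 'show ip arp' output into dicts; age is None for non-aging '-' entries."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # skips the header, prompts and blank lines
            ip, age, mac, kind, intf = m.groups()
            entries.append({"ip": ip, "age": None if age == "-" else int(age),
                            "mac": mac.lower(), "type": kind, "interface": intf})
    return entries

def timeout_minutes(show_interface_text):
    """Read the 'ARP Timeout hh:mm:ss' field of 'show interface' as minutes."""
    m = re.search(r"ARP Timeout (\d+):(\d+):(\d+)", show_interface_text)
    if m is None:
        raise ValueError("no ARP Timeout field found")
    h, mi, s = (int(x) for x in m.groups())
    return h * 60 + mi + s / 60

def near_expiry(entries, timeout_min, margin_min=2):
    """IPs of aging entries whose age is within margin_min of the timeout."""
    return [e["ip"] for e in entries
            if e["age"] is not None and e["age"] >= timeout_min - margin_min]

def changed_mappings(before, after):
    """IPs whose MAC differs between two snapshots, as {ip: (old_mac, new_mac)}."""
    old = {e["ip"]: e["mac"] for e in before}
    return {e["ip"]: (old[e["ip"]], e["mac"]) for e in after
            if e["ip"] in old and old[e["ip"]] != e["mac"]}

if __name__ == "__main__":
    table = parse_arp(SHOW_IP_ARP)
    print(near_expiry(table, timeout_minutes(SHOW_INTERFACE_LINE)),
          changed_mappings(table, parse_arp(LATER_SNAPSHOT)))
```

The entry with age "-" is the router's own interface address (172.25.1.7 on Ethernet0 in this recipe), so it is excluded from the expiry check.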
