Visitor
Posts: 2
Registered: ‎05-08-2017
0 Kudos
Accepted Solution

Juniper ARP table max limit

Hello,

 

We are running EX3300-48T - Junos-12.3R11.2. After binding multiple /24s on multiple VLANs on the same switch, we started to notice that the newly assigned and the old IPs are not pinging on multiple servers on different ports.

 

We checked the ARP table (show arp no-resolve) and not all the IPs were there, so I cleared the ARP table (clear arp) and most of the IPs started to respond again.

 

The count from "run show arp no-resolve | match entries" is not exceeding the limit of 4017 whatever we do.

username@juniper# run show arp no-resolve | match entries
Total entries: 3971

 

Then we searched for this range: 192.168.1.0/24, where the server assigned to it was down

username@juniper# run show arp no-resolve | match 192.168.1
{master:0}[edit]

 

Then we started the server again, and the number rose to the same limit of 4017

username@juniper# run show arp no-resolve | match entries
Total entries: 4017
{master:0}[edit]


And only a few of the IPs were shown

username@juniper# run show arp no-resolve | match 192.168.1
macaddress 192.168.1.9 vlan.131 none
macaddress 192.168.1.13 vlan.131 none
macaddress 192.168.1.29 vlan.131 none
macaddress 192.168.1.42 vlan.131 none
macaddress 192.168.1.54 vlan.131 none
macaddress 192.168.1.81 vlan.131 none
macaddress 192.168.1.91 vlan.131 none
macaddress 192.168.1.103 vlan.131 none
macaddress 192.168.1.104 vlan.131 none
macaddress 192.168.1.116 vlan.131 none
macaddress 192.168.1.140 vlan.131 none
macaddress 192.168.1.156 vlan.131 none
macaddress 192.168.1.179 vlan.131 none
macaddress 192.168.1.193 vlan.131 none
macaddress 192.168.1.199 vlan.131 none
macaddress 192.168.1.201 vlan.131 none
macaddress 192.168.1.227 vlan.131 none
macaddress 192.168.1.239 vlan.131 none
macaddress 192.168.1.244 vlan.131 none

 

- Arp statistics
show system statistics arp
fpc0:
--------------------------------------------------------------------------
arp:
149291335 datagrams received
33571473 ARP requests received
108007342 ARP replies received
342919782 resolution request received
0 unrestricted proxy requests
0 restricted proxy requests
0 received proxy requests
0 unrestricted proxy requests not proxied
0 restricted proxy requests not proxied
0 datagrams with bogus interface
0 datagrams with incorrect length
0 datagrams for non-IP protocol
0 datagrams with unsupported op code
0 datagrams with bad protocol address length
0 datagrams with bad hardware address length
0 datagrams with multicast source address
147499 datagrams with multicast target address
0 datagrams with my own hardware address
1342124 datagrams for an address not on the interface
274 datagrams with a broadcast source address
1404642 datagrams with source address duplicate to mine
1242680 datagrams which were not for me
2788 packets discarded waiting for resolution
125 packets sent after waiting for resolution
1818267175 ARP requests sent
33571474 ARP replies sent
0 requests for memory denied
0 requests dropped on entry
0 requests dropped during retry
0 requests dropped due to interface deletion
0 requests on unnumbered interfaces
0 new requests on unnumbered interfaces
0 replies for from unnumbered interfaces
0 requests on unnumbered interface with non-subnetted donor
0 replies from unnumbered interface with non-subnetted donor
0 arp packets rejected as family is configured with deny arp
0 arp response packets are rejected on mace icl interface
1634 arp replies are rejected as source and destination is same
0 arp probe for proxy address reachable from the incoming interface
0 arp request discarded for vrrp source address
0 self arp request packet received on irb interface
0 proxy arp request discarded as source ip is a proxy target
71669 arp packets are dropped as nexthop allocation failed
0 arp packets received from peer vrrp rotuer and discarded
0 arp packets are rejected as target ip arp resolve is in progress
0 grat arp packets are ignored as mac address is not changed
0 arp packets are dropped from peer vrrp
3501998 arp packets are dropped as driver call failed
0 arp packets are dropped as source is not validated

 

What is the probability of its being limited to 4017? Shouldn't we expect at least 3971+254=4225 entries, not 4017, and the other IPs in the range to show up? And if it's limited, how can we raise it?

 

Thanks,

Distinguished Expert
Posts: 1,015
Registered: ‎08-29-2013

Re: Juniper ARP table max limit

As per datasheet - https://www.juniper.net/us/en/local/pdf/datasheets/1000389-en.pdf

Maximum number of Address Resolution Protocol (ARP) entries: 4,000
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Visitor
Posts: 2
Registered: ‎05-08-2017
0 Kudos

Re: Juniper ARP table max limit


Suraj,

 

Thanks so much for your reply. This means that this model of Juniper cannot get more than 4000 IPs ~ 15x/24 working at the same time, right? Because each running IP will need a new ARP entry in the ARP table.

 

And is there any solution for this if we need to run more subnets? Like quickly rotating the table or something.

Distinguished Expert
Posts: 1,015
Registered: ‎08-29-2013
0 Kudos

Re: Juniper ARP table max limit

I guess we may try decreasing the ARP aging time.

http://www.juniper.net/documentation/en_US/junos/topics/task/configuration/arp-learning-aging-option...
https://kb.juniper.net/InfoCenter/index?page=content&id=KB16987
Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
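
A capacity check for the situation discussed in this thread, as an added example that is not part of the original posts and not Juniper code: it parses saved "show arp no-resolve" output, counts entries per interface, compares the total with the 4,000-entry datasheet figure, and pulls the two drop counters that were non-zero in the posted statistics. The function names, the header row layout and the MAC addresses in the sample are assumptions made for the example.

```python
import re
from collections import Counter

ARP_LIMIT = 4000  # EX3300 figure from the datasheet quoted in the thread

ROW = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+(\S+)$")
TOTAL = re.compile(r"^Total entries:\s*(\d+)$")
# Assumption: these two counters (non-zero in the post) are worth tracking.
DROP_HINTS = ("nexthop allocation failed", "driver call failed")

def summarize_arp(text, limit=ARP_LIMIT):
    """Count ARP rows per interface and compare the total with the limit."""
    per_if, total = Counter(), None
    for raw in text.splitlines():
        line = raw.strip()
        m = TOTAL.match(line)
        if m:
            total = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            per_if[m.group(3)] += 1
    if total is None:          # no summary line: fall back to counted rows
        total = sum(per_if.values())
    return {"total": total, "per_interface": dict(per_if),
            "headroom": limit - total, "at_limit": total >= limit}

def drop_counters(stats_text):
    """Extract the drop counters named in DROP_HINTS from the statistics."""
    found = {}
    for line in stats_text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+)", line)
        if m and any(h in m.group(2) for h in DROP_HINTS):
            found[m.group(2).strip()] = int(m.group(1))
    return found

# Constructed sample: MAC addresses are made up; counts are from the post.
SAMPLE_ARP = """\
MAC Address       Address         Interface     Flags
00:00:5e:00:53:09 192.168.1.9     vlan.131      none
00:00:5e:00:53:0d 192.168.1.13    vlan.131      none
00:00:5e:00:53:1d 192.168.1.29    vlan.131      none
Total entries: 4017
"""
SAMPLE_STATS = """\
71669 arp packets are dropped as nexthop allocation failed
3501998 arp packets are dropped as driver call failed
0 arp packets are dropped as source is not validated
"""

if __name__ == "__main__":
    print(summarize_arp(SAMPLE_ARP))
    print(drop_counters(SAMPLE_STATS))
```

Run on periodic captures, a shrinking headroom together with rising drop counters shows the table approaching its limit before hosts stop responding.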