Junos OS

last person joined: 3 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  Juniper ARP table max limit

    Posted 05-08-2017 20:27

    Hello,

     

    We are running EX3300-48T - Junos-12.3R11.2. After binding multiple /24s on multiple vlans on the same switch, Started to notice that the newly and the old assigned IPs are not pinging on multiple servers on different ports.

     

    We checked the ARP table show arp no-resolve and not all the IPs were there, so I have cleared up the ARP table clear arp and most of the IPs started to respond again.

     

    # run show arp no-resolve | match entries # is not exceeding the limit of 4017 whatever we do.

    username@juniper# run show arp no-resolve | match entries
    Total entries: 3971

     

    Then we searched for this range: 192.168.1.0/24, where the server assigned to it was down

    username@juniper# run show arp no-resolve | match 192.168.1
    {master:0}[edit]

     

    Then started the server again, the number raised up to the same limit of 4017

    username@juniper# run show arp no-resolve | match entries
    Total entries: 4017
    {master:0}[edit]


    And only few of the IPs were shown

    username@juniper# run show arp no-resolve | match 192.168.1
    macaddress 192.168.1.9 vlan.131 none
    macaddress 192.168.1.13 vlan.131 none
    macaddress 192.168.1.29 vlan.131 none
    macaddress 192.168.1.42 vlan.131 none
    macaddress 192.168.1.54 vlan.131 none
    macaddress 192.168.1.81 vlan.131 none
    macaddress 192.168.1.91 vlan.131 none
    macaddress 192.168.1.103 vlan.131 none
    macaddress 192.168.1.104 vlan.131 none
    macaddress 192.168.1.116 vlan.131 none
    macaddress 192.168.1.140 vlan.131 none
    macaddress 192.168.1.156 vlan.131 none
    macaddress 192.168.1.179 vlan.131 none
    macaddress 192.168.1.193 vlan.131 none
    macaddress 192.168.1.199 vlan.131 none
    macaddress 192.168.1.201 vlan.131 none
    macaddress 192.168.1.227 vlan.131 none
    macaddress 192.168.1.239 vlan.131 none
    macaddress 192.168.1.244 vlan.131 none

     

    - Arp statistics
    show system statistics arp
    fpc0:
    --------------------------------------------------------------------------
    arp:
    149291335 datagrams received
    33571473 ARP requests received
    108007342 ARP replies received
    342919782 resolution request received
    0 unrestricted proxy requests
    0 restricted proxy requests
    0 received proxy requests
    0 unrestricted proxy requests not proxied
    0 restricted proxy requests not proxied
    0 datagrams with bogus interface
    0 datagrams with incorrect length
    0 datagrams for non-IP protocol
    0 datagrams with unsupported op code
    0 datagrams with bad protocol address length
    0 datagrams with bad hardware address length
    0 datagrams with multicast source address
    147499 datagrams with multicast target address
    0 datagrams with my own hardware address
    1342124 datagrams for an address not on the interface
    274 datagrams with a broadcast source address
    1404642 datagrams with source address duplicate to mine
    1242680 datagrams which were not for me
    2788 packets discarded waiting for resolution
    125 packets sent after waiting for resolution
    1818267175 ARP requests sent
    33571474 ARP replies sent
    0 requests for memory denied
    0 requests dropped on entry
    0 requests dropped during retry
    0 requests dropped due to interface deletion
    0 requests on unnumbered interfaces
    0 new requests on unnumbered interfaces
    0 replies for from unnumbered interfaces
    0 requests on unnumbered interface with non-subnetted donor
    0 replies from unnumbered interface with non-subnetted donor
    0 arp packets rejected as family is configured with deny arp
    0 arp response packets are rejected on mace icl interface
    1634 arp replies are rejected as source and destination is same
    0 arp probe for proxy address reachable from the incoming interface
    0 arp request discarded for vrrp source address
    0 self arp request packet received on irb interface
    0 proxy arp request discarded as source ip is a proxy target
    71669 arp packets are dropped as nexthop allocation failed
    0 arp packets received from peer vrrp rotuer and discarded
    0 arp packets are rejected as target ip arp resolve is in progress
    0 grat arp packets are ignored as mac address is not changed
    0 arp packets are dropped from peer vrrp
    3501998 arp packets are dropped as driver call failed
    0 arp packets are dropped as source is not validated

     

    What is the probability of it's being limited to 4017? Should not we expect at least 3971+254=4225 entry, not 4017 and the other IPs in the range should show up? And if it's limited, how to raise it?

     

    Thanks,


    #limits
    #mac-address
    #Juniper
    #arp


  • 2.  RE: Juniper ARP table max limit
    Best Answer

     
    Posted 05-08-2017 20:38
    As per datasheet - https://www.juniper.net/us/en/local/pdf/datasheets/1000389-en.pdf

    Maximum number of Address Resolution Protocol (ARP) entries: 4,000


  • 3.  RE: Juniper ARP table max limit

    Posted 05-08-2017 21:03

    Suraj,

     

    Thanks so much for your reply. This means that this model of Juniper can not get more than 4000 IPs ~ 15x/24 working at the same time right? Because each running IP will need a new ARP entry in the ARP table.

     

    And is there any solution for this if we need to run more subnets? Like fastly rotating the table or something.



  • 4.  RE: Juniper ARP table max limit