We have a setup where we use about 22K IPv4 addresses (all in the same VLAN). We have noticed that once the ARP cache table reaches 16384 records, no more records are added and we are unable to ping the IPs that did not "fit" into the cache.
Is there any way around this, or would we have to upgrade to a better switch?
Out of curiosity, what kind of architecture do you have where there are 22K machines in the same VLAN? Since they're all in the same VLAN, I don't think that there is a whole lot you can do besides turning your 'mac-table-aging-time' down to a low number, but even then, you'd need to know the implications of doing that. It doesn't do anything to support more than 16K addresses, but it might bring the number of known MAC addresses down to below 16K for periods of time, depending on your network's behavior.
Since I would only consider this a band-aid and overall will not solve your problem, I'd suggest upgrading to perhaps an EX4300 which I believe supports 64K addresses.
I think I recall reading something somewhere about how to modify the TCAM allocation on the EX series by dropping into the PFE and modifying something, but A) I can't find the reference and B) I definitely wouldn't recommend it as a long term solution.
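As an added illustration (not from evt's post or from Juniper's documentation), here is where the aging knobs mentioned above live on a non-ELS EX such as the EX3200, together with the operational commands that show how full the tables currently are. The timer values are assumptions to be tuned against your own traffic pattern, and the statement names are given as I know them for this platform generation:

```junos
# Ethernet switching (MAC) table aging, in seconds (default 300); assumed value
set ethernet-switching-options mac-table-aging-time 60

# ARP entry aging, in minutes (default 20); assumed value
set system arp aging-timer 5

# Operational checks of current table fill, to compare against the 16384-entry ARP ceiling
run show arp no-resolve | count
run show ethernet-switching table | count
```

Shorter timers increase re-ARP and MAC relearning traffic and only help while the number of simultaneously active hosts stays below the hardware limit, which is exactly the band-aid caveat raised above.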
Our architecture is pretty simple actually - we have 10 powerful machines behind an EX3200 for VPN services and a single GbE uplink with BGP. Each machine is assigned ~2000-2500 IPv4 addresses for customers and IPs "float" between servers, which is why they have to be in the same VLAN. At any given time there are at least 12,000 active customers (=IPs), and during peak hours this number increases to over 16K.
I am thinking maybe I could just stick something [inexpensive] in between the EX3200 and the 10 servers that has support for that many IPs and just route the subnets to this device? I never had experience with anything besides the EX3200, so any suggestions are welcome.
Although I am not afraid of the idea of patching things
As evt mentioned, the switch you have is not adequate for your needs and any tweaking may not be in the best interest of your business. I also suggest you replace that switch with one that can adequately meet your needs. Personally, I would wait on some more updates for the 4300. It should work in your case but it is still limited in functionality. The 4600 is new and I do not know anything about its stability at this time.

Max number of ARP entries by Ethernet switch line:
- EX3200: 16,000
- EX4300: 64,000
- EX4600: 48,000
- EX4200: N/A
- EX4550: N/A
- EX4500: N/A

Before you make the decision, get as many details as you can from a Juniper engineer and see if there are people who have experience with those switches.
I have just read a few discussions regarding the EX4300 and it does not seem like it will be a good idea to buy one of them. The EX3200 is rock solid - we have used over a dozen of them for a few years for the same purpose with literally zero issues, not a single glitch; everything is perfect except for the ARP cache. And it seems like we won't be able to afford an EX4600 at the moment...