Re: [fw-wiz] Linux ARPD -- neighbor table overflow

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 03/19/04

    To: Jeff Adam <jadam@seark.edu>
    Date: Thu, 18 Mar 2004 21:27:22 -0500 (EST)
    
    

    On Thu, 18 Mar 2004, Jeff Adam wrote:

    > I have run into a problem recently with the ARP table size limitation in the
    > Linux kernel.
    >
    >
    >
    > A bit of history
    >
    > I have been using the same box as a firewall for the past couple of years
    > and it has performed flawlessly (Linux 2.4 / iptables), but every couple of
    > months the number of nodes on the LAN increases by 20 to 60, usually on
    > the high end of that range. We are already beyond 500 computers,
    > approaching 600, with plans to add 40 to 60 additional computers already
    > being discussed. We have recently developed a problem with neighbor
    > table overflows on the firewall during peak hours.
    >
    >
    >
    > I believe I have the problem repaired: I recompiled the kernel with arpd
    > support and netlink, installed arpd, and made some changes in /proc.
    >
    > Some other issues developed with arpd that were unexpected.
    >
    >
    > The problem is all of the documentation I found on arpd was rather dated,
    > including one written in 2001 that claimed the package (arpd) was far
    > beyond abandoned by the upstream maintainer. I'm sure networks with more
    > than 256 nodes are not that uncommon. My question is: what experiences
    > have other readers of the list had with this issue, and what other
    > solutions are there besides arpd for this issue?
    >
    [I don't know what the binary stuff was at the bottom of your message;
    that's what was forcing it to base-64. Please fix it before responding.]

    Have you seen:

    http://www.spinics.net/lists/kernel/msg251771.html

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

