Is the hold time standardized? Is there a standard or reliable recommendation for a timeout? I am well aware that a SOHO non-managed switch requires a shorter timer than a data-center switch.
That was my starting point:
- IETF: None specified. RFC 826, An Ethernet Address Resolution Protocol: It may be desirable to have table aging and/or timeouts. The
implementation of these is outside the scope of this protocol.
Various platforms, various timers:
- Microsoft: 2 min. TechNet
- Cisco IOS (version undefined): 4hr. DocWiki, Cisco NX-OS/IOS Default Configuration Differences
- Cisco NX-OS: 25 min. (see above)
- Cisco IOS 15M&T: 4 hours: cisco.com, IP Addressing: ARP Configuration Guide
- Juniper: 20 min. TechLibrary
Best Answer
You answered yourself. No RFC sets a value. Everyone chooses what they think is reasonable. Older IOS (12) has it hard coded to 4hrs; newer (15) can be changed. Linux can be (annoying) anywhere from 15sec to 2min.
In general, routers hold for long periods because they're likely to continue dealing with that host. Individual hosts (windows, linux, etc.) expire their cache quickly to keep it small, and since they are generally talking to the router constantly, that entry stays fresh.
When talking about switches (layer-2), "ARP" means the management plane, and it's just a host at that level. The layer-2 mac forwarding tables are a different animal. From the provided docwiki MAC Table Aging Timer is 30min for NX-OS and 5min for IOS.