Juniper – ARP Table Maximum Limit

Tags: arp, juniper, juniper-junos, mac address

I'm running an EX3300-48T with Junos 12.3R11.2. After binding multiple /24s on multiple VLANs on the same switch, I started to notice that both the newly assigned and the old IPs are not pinging on multiple servers on different ports.

I checked the ARP table (show arp no-resolve) and not all the IPs were there, so I cleared the ARP table (clear arp) and most of the IPs started to respond again.

The count from run show arp no-resolve | match entries is not exceeding the limit of 4017, whatever we do.

username@juniper# run show arp no-resolve | match entries    
Total entries: 3971

Then I searched for this range, 192.168.1.0/24, where the server assigned to it was down:

username@juniper# run show arp no-resolve | match 192.168.1    
{master:0}[edit]

Then I started the server again, and the number rose to the same limit of 4017:

username@juniper# run show arp no-resolve | match entries    
Total entries: 4017
{master:0}[edit]

And some of the IPs were shown:

username@juniper# run show arp no-resolve | match 192.168.1 
macaddress 192.168.1.9       vlan.131             none
macaddress 192.168.1.13      vlan.131             none
macaddress 192.168.1.29      vlan.131             none
macaddress 192.168.1.42      vlan.131             none
macaddress 192.168.1.54      vlan.131             none
macaddress 192.168.1.81      vlan.131             none
macaddress 192.168.1.91      vlan.131             none
macaddress 192.168.1.103     vlan.131             none
macaddress 192.168.1.104     vlan.131             none
macaddress 192.168.1.116     vlan.131             none
macaddress 192.168.1.140     vlan.131             none
macaddress 192.168.1.156     vlan.131             none
macaddress 192.168.1.179     vlan.131             none
macaddress 192.168.1.193     vlan.131             none
macaddress 192.168.1.199     vlan.131             none
macaddress 192.168.1.201     vlan.131             none
macaddress 192.168.1.227     vlan.131             none
macaddress 192.168.1.239     vlan.131             none
macaddress 192.168.1.244     vlan.131             none

Arp statistics

show system statistics arp 
fpc0:
--------------------------------------------------------------------------
arp:
149291335 datagrams received
33571473 ARP requests received
108007342 ARP replies received
342919782 resolution request  received
0 unrestricted proxy requests
0 restricted proxy requests
0 received proxy requests
0 unrestricted proxy requests not proxied
0 restricted proxy requests not proxied
0 datagrams with bogus interface
0 datagrams with incorrect length
0 datagrams for non-IP protocol
0 datagrams with unsupported op code
0 datagrams with bad protocol address length
0 datagrams with bad hardware address length
0 datagrams with multicast source address
147499 datagrams with multicast target address
0 datagrams with my own hardware address
1342124 datagrams for an address not on the interface
274 datagrams with a broadcast source address
1404642 datagrams with source address duplicate to mine
1242680 datagrams which were not for me
2788 packets discarded waiting for resolution
125 packets sent after waiting for resolution
1818267175 ARP requests sent
33571474 ARP replies sent
0 requests for memory denied
0 requests dropped on entry
0 requests dropped during retry
0 requests dropped due to interface deletion
0 requests on unnumbered interfaces
0 new requests on unnumbered interfaces
0 replies for from unnumbered interfaces
0 requests on unnumbered interface with non-subnetted donor
0 replies from unnumbered interface with non-subnetted donor
0 arp packets rejected as family is configured with deny arp
0 arp response packets are rejected on mace icl interface
1634 arp replies are rejected as source and destination is same
0 arp probe for proxy address reachable from the incoming interface
0 arp request discarded for vrrp source address
0 self arp request packet received on irb interface
0 proxy arp request discarded as source ip is a proxy target
71669 arp packets are dropped as nexthop allocation failed
0 arp packets received from peer vrrp rotuer and discarded
0 arp packets are rejected as target ip arp resolve is in progress
0 grat arp packets are ignored as mac address is not changed
0 arp packets are dropped from peer vrrp
3501998 arp packets are dropped as driver call failed
0 arp packets are dropped as source is not validated

What is the probability of its being limited to 4017? Shouldn't we expect at least 3971+254=4225 entries, not 4017, and the other IPs in the range to show up? And if it's limited, how can it be raised?

Thanks,

Best Answer

According to the datasheet, the EX3300 is limited to 4000 ARP entries. It looks like this is a hardware limitation; there is no way to load a different "SDM template" like in Cisco IOS, so you're stuck on this number.

If you have a very dynamic network, you can try to reduce the ARP aging timer to age out stale ARP entries faster:

system {
    arp {
        aging-timer 5;
    }
}

If that doesn't help, you're stuck with buying a bigger switch; EX3400 (the successor to EX3300) can handle 16000 ARP entries.
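
An added example, not part of the original answer or of any Juniper tooling: a Python check that parses captured output of show arp no-resolve and show system statistics arp, compares the total against the 4000-entry figure quoted above, and reports non-zero drop counters. The sample text is constructed in the layout shown in the question, and treating the three watched counters as symptoms of a full table is an assumption of this example.

```python
import re
from collections import Counter

ARP_LIMIT = 4000  # EX3300 figure quoted in the answer above

# Constructed sample input, in the layout of the outputs in the question.
SAMPLE_ARP = """\
00:00:5e:00:53:01 192.168.1.9       vlan.131             none
00:00:5e:00:53:02 192.168.1.13      vlan.131             none
00:00:5e:00:53:03 192.168.2.7       vlan.132             none
Total entries: 4017
"""
SAMPLE_STATS = """\
0 requests for memory denied
71669 arp packets are dropped as nexthop allocation failed
3501998 arp packets are dropped as driver call failed
0 arp packets are dropped as source is not validated
"""

ENTRY = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+\S+\s*$")
TOTAL = re.compile(r"^Total entries:\s*(\d+)")
COUNTER = re.compile(r"^\s*(\d+)\s+(.+?)\s*$")
# Counters treated as exhaustion symptoms (an assumption of this example).
WATCH = ("nexthop allocation failed", "driver call failed", "memory denied")

def parse_arp(text):
    """Return (total_entries, Counter of entries per interface)."""
    total, per_if = None, Counter()
    for line in text.splitlines():
        if m := TOTAL.match(line):
            total = int(m.group(1))
        elif m := ENTRY.match(line):
            per_if[m.group(3)] += 1
    return (total if total is not None else sum(per_if.values())), per_if

def parse_drops(text):
    """Return the non-zero watched drop counters as {description: count}."""
    drops = {}
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m and int(m.group(1)) and any(w in m.group(2) for w in WATCH):
            drops[m.group(2)] = int(m.group(1))
    return drops

def assess(arp_text, stats_text, limit=ARP_LIMIT, warn_ratio=0.9):
    """Classify table usage as ok/near/full and list the busiest interfaces."""
    total, per_if = parse_arp(arp_text)
    state = "full" if total >= limit else "near" if total >= limit * warn_ratio else "ok"
    return {"total": total, "state": state, "top": per_if.most_common(3),
            "drops": parse_drops(stats_text)}
```

Run periodically against saved CLI output, the per-interface counts show which VLAN is consuming the table before hosts start dropping out of it.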