Kernel: Neighbour table overflow

While randomly browsing some sites, I came across this page which described a problem I had about a year ago. I thought I should document it on my own site as well for reference.

We were expanding our internal network (we couldn’t stay within a /24 range anymore), so I decided to create a /22.

So we had: to and now we have to, nice, extra IP’s!

All went well, until I noticed errors appearing on our syslog server:

Apr 17 15:22:42 uma kernel: [12562.837562] Neighbour table overflow.
Apr 17 15:22:42 uma kernel: [12562.867554] printk: 87 messages suppressed.

These warnings mean that the ARP table on the server is full and needs to be expanded if you want to avoid these overflows. Since I used a /24 before, the maximum was 255 entries. Since I’ve changed to a /22, the number of possible ARP entries has been tripled!

There are some options in sysctl you can use to tune the ARP table size and the gc’s (garbage collector) ‘attitude’ ;) These are the following settings and their default values:

# The minimum number of entries to keep in the ARP cache. The garbage collector will
# not run if there are fewer than this number of entries in the cache.
net.ipv4.neigh.default.gc_thresh1 = 128

# The soft maximum number of entries to keep in the ARP cache. The garbage collector will
# allow the number of entries to exceed this for 5 seconds before collection will be performed.
net.ipv4.neigh.default.gc_thresh2 = 512

# The hard maximum number of entries to keep in the ARP cache. The garbage collector will
# always run if there are more than this number of entries in the cache.
net.ipv4.neigh.default.gc_thresh3 = 1024

# How frequently the garbage collector for neighbour entries should attempt to run.
net.ipv4.neigh.default.gc_interval = 30

# Determines how often to check for stale neighbour entries. When a neighbour entry
# is considered stale it is resolved again before sending data to it.
net.ipv4.neigh.default.gc_stale_time = 60

There are more options you can change to tune the neighbour entry list, but they are often fine with their default settings. You can find them here.

Now that you know what the settings mean, you can change them. As a rule of thumb, if you change the gc_threshN values, change them all, and multiply them by 2, until the warnings don’t show up in your syslog anymore.

For me, these values worked out fine:

net.ipv4.neigh.default.gc_thresh1 = 256
net.ipv4.neigh.default.gc_thresh2 = 1024
net.ipv4.neigh.default.gc_thresh3 = 2048
net.ipv4.neigh.default.gc_interval = 60
net.ipv4.neigh.default.gc_stale_time = 120

After a reboot, your changes will be lost. To prevent that, add the above settings to the file /etc/sysctl.conf.

Once you have added the settings, run:

sysctl -p

to activate the changes without needing a reboot.
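
As an added example (not code from the original post), this shell script counts neighbour entries, reports which garbage-collection band the count falls in, and applies the doubling rule of thumb to the default thresholds. The function names, the sample `ip -4 neigh show` output and the stopping point (double until gc_thresh2 covers the expected peak) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): neighbour-table headroom check.

# Constructed sample of `ip -4 neigh show` output (documentation addresses).
sample_neigh() {
    cat <<'EOF'
192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.17 dev eth0 lladdr 00:00:5e:00:53:11 STALE
192.0.2.40 dev eth0 FAILED
EOF
}

# Count entries on stdin; every listed entry occupies a slot, whatever its state.
count_neigh() {
    grep -c . || true    # grep exits 1 on zero matches but still prints 0
}

# Name the band an entry count falls in. Args: count thresh1 thresh2 thresh3
classify() {
    if   [ "$1" -ge "$4" ]; then echo "hard-limit"  # at gc_thresh3: overflow warnings
    elif [ "$1" -gt "$3" ]; then echo "above-soft"  # over gc_thresh2: 5 s grace, then gc
    elif [ "$1" -ge "$2" ]; then echo "gc-active"   # at or above gc_thresh1
    else                         echo "below-gc"    # under gc_thresh1: gc does not run
    fi
}

# Rule of thumb from the post: double all three thresholds together.
# Assumed stopping point: gc_thresh2 covers the expected peak entry count.
# Args: peak thresh1 thresh2 thresh3
suggest_thresholds() {
    peak=$1; t1=$2; t2=$3; t3=$4
    while [ "$t2" -lt "$peak" ]; do
        t1=$((t1 * 2)); t2=$((t2 * 2)); t3=$((t3 * 2))
    done
    printf 'net.ipv4.neigh.default.gc_thresh1 = %s\n' "$t1"
    printf 'net.ipv4.neigh.default.gc_thresh2 = %s\n' "$t2"
    printf 'net.ipv4.neigh.default.gc_thresh3 = %s\n' "$t3"
}

# Live use: ip -4 neigh show | count_neigh, and sysctl -n for the three thresholds.
n=$(sample_neigh | count_neigh)
echo "sample: $n entries, band $(classify "$n" 128 512 1024)"
suggest_thresholds 1022 128 512 1024    # 1022 = usable host addresses in a /22
```

Starting from the defaults, one doubling is enough for a fully populated /22, which gives 256, 1024 and 2048 for the three thresholds.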
