Cable Forum - View Single Post

mmm · 08-06-2016, 09:36

I'm using an SH3 with 16 downstreams (Arris CMTS) in modem mode and notice there seems to be a lot of background traffic when nothing going through my router - so I took a look at external router interface using tcpdump.

I find there is a lot of ARP traffic, up to 50 messages per second. There is no need for this, the messages are all from VM CMTS for IP addresses that are mostly not in my WAN Ethernet segment. For example:

Code:

09:14:25.004780 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.196.174 tell 82.14.196.1, length 46 
09:14:25.006154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.15.59.174 tell 82.15.56.1, length 46
09:14:25.044912 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.79 tell 82.37.38.1, length 46
09:14:25.159980 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.255.121 tell 82.13.252.1, length 46
09:14:25.272289 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.254.183 tell 82.13.252.1, length 46
09:14:25.487807 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.197.150 tell 82.14.196.1, length 46
09:14:25.586024 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.187.37 tell 82.14.184.1, length 46
09:14:25.737973 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.73 tell 82.37.38.1, length 46
09:14:25.793260 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.198.60 tell 82.14.196.1, length 46
09:14:25.857494 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.16.157.24 tell 82.16.157.1, length 46

My CMTS used as my gateway is 82.1.184.1 with a netmask of 255.255.252.0 which means that only IP addresses in the range 82.13.184.1 - 82.13.187.254 are contactable without going via the gateway (only 1 in above capture). Why is this traffic allowed to pollute my connection? I don't even see why any such ARP traffic is needed, surely when established on the network each CMTS knows the MAC address that has each IP address, so should be static? Why does the traffic get past the SH3 - it will only talk to the 1 WAN IP on my router.

I also see traffic for private networks - for VM kit?

Code:

09:30:05.578377 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.132.121 tell 10.167.132.1, length 46
09:30:05.580928 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.133.121 tell 10.167.132.1, length 46
09:30:05.582429 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.134.121 tell 10.167.132.1, length 46
09:30:05.583455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.135.121 tell 10.167.132.1, length 46

I remember a similar issue some 15 years ago with a 64kB CM connection (TJ210) when the ARP traffic was a significant percentage of the dial-up equivalent bandwidth. At that time I believe all the ARP replies where also repeated, and Linux routers had problems with "Neighbourhood table overflow'. That issue was fixed by a CISCO UBR upgrade I recall. Can't the Arris be configured similarly - or is this a fundamental issue with 16 downstreams?

Of course its only a couple of kb/s, but small messages must have more overhead than big (hence concept of jumbo frames).

Comments?

08-06-2016, 09:36	#1
mmm Inactive Join Date: Jun 2003 Posts: 513	Lots of ARP messages I'm using an SH3 with 16 downstreams (Arris CMTS) in modem mode and notice there seems to be a lot of background traffic when nothing going through my router - so I took a look at external router interface using tcpdump. I find there is a lot of ARP traffic, up to 50 messages per second. There is no need for this, the messages are all from VM CMTS for IP addresses that are mostly not in my WAN Ethernet segment. For example: Code: 09:14:25.004780 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.196.174 tell 82.14.196.1, length 46 09:14:25.006154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.15.59.174 tell 82.15.56.1, length 46 09:14:25.044912 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.79 tell 82.37.38.1, length 46 09:14:25.159980 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.255.121 tell 82.13.252.1, length 46 09:14:25.272289 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.254.183 tell 82.13.252.1, length 46 09:14:25.487807 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.197.150 tell 82.14.196.1, length 46 09:14:25.586024 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.187.37 tell 82.14.184.1, length 46 09:14:25.737973 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.73 tell 82.37.38.1, length 46 09:14:25.793260 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.198.60 tell 82.14.196.1, length 46 09:14:25.857494 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.16.157.24 tell 82.16.157.1, length 46 My CMTS used as my gateway is 82.1.184.1 with a netmask of 255.255.252.0 which means that only IP addresses in the range 82.13.184.1 - 82.13.187.254 are contactable without going via the gateway (only 1 in above capture). Why is this traffic allowed to pollute my connection? I don't even see why any such ARP traffic is needed, surely when established on the network each CMTS knows the MAC address that has each IP address, so should be static? Why does the traffic get past the SH3 - it will only talk to the 1 WAN IP on my router. I also see traffic for private networks - for VM kit? Code: 09:30:05.578377 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.132.121 tell 10.167.132.1, length 46 09:30:05.580928 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.133.121 tell 10.167.132.1, length 46 09:30:05.582429 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.134.121 tell 10.167.132.1, length 46 09:30:05.583455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.135.121 tell 10.167.132.1, length 46 I remember a similar issue some 15 years ago with a 64kB CM connection (TJ210) when the ARP traffic was a significant percentage of the dial-up equivalent bandwidth. At that time I believe all the ARP replies where also repeated, and Linux routers had problems with "Neighbourhood table overflow'. That issue was fixed by a CISCO UBR upgrade I recall. Can't the Arris be configured similarly - or is this a fundamental issue with 16 downstreams? Of course its only a couple of kb/s, but small messages must have more overhead than big (hence concept of jumbo frames). Comments?