08-06-2016, 09:36
|
#1
|
|
Inactive
Join Date: Jun 2003
Posts: 513
|
Lots of ARP messages
I'm using an SH3 with 16 downstreams (Arris CMTS) in modem mode and notice there seems to be a lot of background traffic when nothing going through my router - so I took a look at external router interface using tcpdump.
I find there is a lot of ARP traffic, up to 50 messages per second. There is no need for this, the messages are all from VM CMTS for IP addresses that are mostly not in my WAN Ethernet segment. For example:
Code:
09:14:25.004780 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.196.174 tell 82.14.196.1, length 46
09:14:25.006154 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.15.59.174 tell 82.15.56.1, length 46
09:14:25.044912 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.79 tell 82.37.38.1, length 46
09:14:25.159980 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.255.121 tell 82.13.252.1, length 46
09:14:25.272289 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.13.254.183 tell 82.13.252.1, length 46
09:14:25.487807 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.197.150 tell 82.14.196.1, length 46
09:14:25.586024 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.187.37 tell 82.14.184.1, length 46
09:14:25.737973 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.37.38.73 tell 82.37.38.1, length 46
09:14:25.793260 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.14.198.60 tell 82.14.196.1, length 46
09:14:25.857494 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 82.16.157.24 tell 82.16.157.1, length 46
My CMTS used as my gateway is 82.1.184.1 with a netmask of 255.255.252.0 which means that only IP addresses in the range 82.13.184.1 - 82.13.187.254 are contactable without going via the gateway (only 1 in above capture). Why is this traffic allowed to pollute my connection? I don't even see why any such ARP traffic is needed, surely when established on the network each CMTS knows the MAC address that has each IP address, so should be static? Why does the traffic get past the SH3 - it will only talk to the 1 WAN IP on my router.
I also see traffic for private networks - for VM kit?
Code:
09:30:05.578377 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.132.121 tell 10.167.132.1, length 46
09:30:05.580928 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.133.121 tell 10.167.132.1, length 46
09:30:05.582429 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.134.121 tell 10.167.132.1, length 46
09:30:05.583455 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.167.135.121 tell 10.167.132.1, length 46
I remember a similar issue some 15 years ago with a 64kB CM connection (TJ210) when the ARP traffic was a significant percentage of the dial-up equivalent bandwidth. At that time I believe all the ARP replies where also repeated, and Linux routers had problems with "Neighbourhood table overflow'. That issue was fixed by a CISCO UBR upgrade I recall. Can't the Arris be configured similarly - or is this a fundamental issue with 16 downstreams?
Of course its only a couple of kb/s, but small messages must have more overhead than big (hence concept of jumbo frames).
Comments?
|
|
|
|
08-06-2016, 10:03
|
#2
|
|
Inactive
Join Date: Jun 2008
Location: Leeds, West Yorkshire
Age: 47
Posts: 13,995
|
Re: Lots of ARP messages
Normal for the Arris E6k platform, though nothing to do with 16 downstreams per se. Even if you had one downstream locked you'd see much the same.
There is a need for it if no alternative steps are taken - there's no mapping between downstream groups and IP addresses so broadcasts for all IP scopes have to be sent down all downstream groups. Your devices are not connecting to VM via a layer 3 segmented network, you are on a nice, big broadcast domain for layer 2 purposes 
Last edited by Ignitionnet; 08-06-2016 at 10:07.
|
|
|
|
|
08-06-2016, 10:43
|
#3
|
|
Inactive
Join Date: Jun 2003
Posts: 513
|
Re: Lots of ARP messages
I think you have answered the same on VM forums, but isn't it a big waste with 99.99% of receiving devices having to ignore the broadcast arp spam? VM use 7 day leases on WAN IP addresses, and need a modem power cycle to change a registered router WAN MAC. Why do the arp tables need to be so actively refreshed? ISTR it is normal on a LAN for devices to check one another every 5 minutes or so, but even there windows/ linux devices support static arp commands.
|
|
|
|
|
08-06-2016, 12:05
|
#4
|
|
Inactive
Join Date: Jun 2008
Location: Leeds, West Yorkshire
Age: 47
Posts: 13,995
|
Re: Lots of ARP messages
Yes it's a waste but necessary until there are other options.
The reboots to change router WAN MAC are due to a restriction within the SH's config, not the CMTS.
The E6k's software is still somewhat immature. Hopefully options to disable ARP and use DHCP leasequery will come in at some point. Through this the CMTS if it hits an unknown IP address will send a leasequery to the DHCP server.
|
|
|
|
|
09-06-2016, 11:46
|
#6
|
|
Inactive
Join Date: Jun 2008
Location: Leeds, West Yorkshire
Age: 47
Posts: 13,995
|
Re: Lots of ARP messages
Ya. They'll run through their cache and if no hit use the leasequery protocol to ask DHCP servers for information.
All CMTS know where the DHCP server(s) is/are anyway. They need to so that they can forward DHCP broadcasts to them.
Just FYI this isn't wasting bandwidth anywhere. The broadcasts shouldn't be consuming any of your downstream rate limit, and it's a broadcast at the cable level, not a broadcast message being unicast to each modem.
Last edited by Ignitionnet; 09-06-2016 at 11:50.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT. The time now is 20:05.
|
Join CF
You are here: 
