Tuesday, December 17, 2019

Preventing excessive ARP queries from Cisco internet-facing router to switch?

I have a not-so-optimal setup on our network, with a Cisco 2900 series router facing out to the Internet with several IP prefixes announced, covering approximately 10k IPs, plugged into a "WAN" VLAN'd port on a Nortel Baystack 5510-48T managed switch. Aside from that there aren't really any VLANs configured to segment off individual hosts (as most of the hosts are VMs on vSphere hosts, where some VLANing is done on the [distributed] vSwitch there), and at the end of the day I end up with a boatload of ARP traffic hosing every single active port on the switch.

A tcpdump from an interface with the "WAN" VLAN tag on a non-VMware host yields no less than 8000 ARP queries per minute, presumably the result of non-stop Internet scans across the 10k+ IPs announced on the router. The vast majority of queries go unanswered, as only a fraction of the IPs are in use at the time.

What are my options for reducing this number of ARP queries on the switch? Should I be looking at some kind of per-IP ARP query 'cache' time, e.g. if the answer timed out, don't ask again for X amount of seconds; some kind of configuration where I can list CIDRs of IP space as currently unattended, telling it not to ask; or anything else I'm not considering? I am not overly familiar with either the Cisco CLI or the Nortel Baystack switch firmware (an Avaya CLI, similar to Cisco syntax, on the managed switch).

Any input is appreciated. Thank you!
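Before choosing between the options the post lists (a per-IP back-off versus declaring whole CIDR blocks unattended), it helps to know how the unanswered queries are distributed across the announced space. The following script is an added example, not code from the original post: it parses the text output of `tcpdump -n arp` (no `-e`, so lines look like `HH:MM:SS.ffffff ARP, Request who-has A tell B, length 28`), counts requests and replies per minute, and aggregates the targets that never got a reply into /24 blocks. The capture lines embedded below are constructed for this example; the prefix length used for aggregation is an assumption, chosen only because /24 is the usual granularity for marking a block as unused.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format of `tcpdump -n -i <iface> arp` (no -e).
# These lines were written for this example; they are not from the post's
# capture. Two targets answer (the .7 and .9 hosts); the rest are silent.
SAMPLE_CAPTURE = """\
10:00:00.000100 ARP, Request who-has 203.0.113.7 tell 203.0.113.1, length 28
10:00:00.000400 ARP, Reply 203.0.113.7 is-at 52:54:00:aa:bb:07, length 28
10:00:00.120000 ARP, Request who-has 203.0.113.200 tell 203.0.113.1, length 28
10:00:00.250000 ARP, Request who-has 203.0.113.201 tell 203.0.113.1, length 28
10:00:01.010000 ARP, Request who-has 203.0.113.200 tell 203.0.113.1, length 28
10:00:02.300000 ARP, Request who-has 198.51.100.9 tell 198.51.100.1, length 28
10:00:02.300900 ARP, Reply 198.51.100.9 is-at 52:54:00:cc:dd:09, length 28
10:00:03.000000 ARP, Request who-has 198.51.100.77 tell 198.51.100.1, length 28
10:00:59.900000 ARP, Request who-has 203.0.113.202 tell 203.0.113.1, length 28
"""

REQUEST_RE = re.compile(r"^(\S+) ARP, Request who-has (\S+) tell (\S+),")
REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\S+) is-at (\S+),")


def parse_arp(text):
    """Split a tcpdump ARP capture into (requests, replies).

    requests: list of (timestamp, target_ip) for every 'who-has' line
    replies:  list of (timestamp, answering_ip) for every 'is-at' line
    Lines that match neither pattern (e.g. gratuitous ARP) are ignored.
    """
    requests, replies = [], []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            requests.append((m.group(1), m.group(2)))
            continue
        m = REPLY_RE.match(line)
        if m:
            replies.append((m.group(1), m.group(2)))
    return requests, replies


def summarize(text, prefix_len=24):
    """Summarize request volume and which address blocks never answer.

    A target counts as 'silent' if no reply from that IP appears anywhere in
    the capture; this is deliberately coarse (no per-request timeout matching)
    because the question is which blocks are unused, not individual latency.
    prefix_len (assumed /24 here) controls how silent targets are aggregated.
    """
    requests, replies = parse_arp(text)
    answered = {ip for _, ip in replies}
    per_target = Counter(ip for _, ip in requests)
    silent = {ip: n for ip, n in per_target.items() if ip not in answered}

    # Requests per wall-clock minute, keyed by the HH:MM part of the timestamp.
    per_minute = Counter(ts[:5] for ts, _ in requests)

    # Aggregate silent targets into /prefix_len blocks so that whole ranges
    # with no responders stand out as candidates for "unattended" CIDRs.
    silent_blocks = Counter()
    for ip, n in silent.items():
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        silent_blocks[str(net)] += n

    return {
        "requests": len(requests),
        "replies": len(replies),
        "unanswered_targets": len(silent),
        "unanswered_requests": sum(silent.values()),
        "peak_per_minute": max(per_minute.values()) if per_minute else 0,
        "silent_blocks": dict(silent_blocks),
    }


if __name__ == "__main__":
    # Run against a real capture with: tcpdump -n -i <iface> arp > arp.txt
    # and then pass open("arp.txt").read() instead of SAMPLE_CAPTURE.
    for key, value in summarize(SAMPLE_CAPTURE).items():
        print(f"{key}: {value}")
```

On a real capture the interesting output is `silent_blocks`: blocks whose request count is high and whose reply count is zero are the ones worth treating as unattended, while blocks with a mix of answered and silent targets are the ones where only a per-target back-off would help.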


