Re: arp flood (offtopic?)

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is what I do to avoid "Neighbor table overflow" :
echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 8192 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
I should mention that I don't get the message Neighbor table overflow, at least with these settings, don't know with default.
Now the thing is that the load average goes up to 30 and the gateway doesn't even respond to ping after a while. The arp-requests are not only for ips that are assigned to hosts but even for un-allocated ips in the same subnet. 

Maybe dividing into multiple vlans would be a better idea?

Regards,

Alex
----- Original Message ----- From: "Marek Kierdelewicz" <marek@xxxxxxxxx> 
To: <lartc@xxxxxxxxxxxxxxx>
Sent: Wednesday, October 19, 2005 9:04 PM
Subject: Re:  arp flood (offtopic?)



Hi guys,


Hi



Sorry if this is a little offtopic, but I was wandering what can one
do to  prevent/stop arp flooding ?


You can increase arp cache table size:

echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh1

It'll make your box handle arpfloods more easily (at least DoS part).

You can also use static arp entries (man arp). This will ensure known
computers will always have access to (throu) your router (even with
arpflood in progress).


Two solutions mentioned above cope with "Neighbour table overflow" and
problems with accessibility to other legitimate users. They
don't cope however with router's cpu utilisation...

Hope that helps.

Marek Kierdelewicz
KoBa ISP
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

--
This message has been scanned for viruses and
dangerous content by LG-Network(http://www.lgnet.ro), and is
believed to be clean.





--
This message has been scanned for viruses and
dangerous content by LG-Network(http://www.lgnet.ro), and is
believed to be clean.

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux