Address Cache Timeout
January 28, 2008
Do any of you know what is a typical timeout for the address cache on a switch? After some initial problems with the default 240 second address timeout, I’ve found that dropping the timeout back to 5 seconds clears up the problems I was having with moving machines to other ports.
That said, 5 seconds seems a bit low to me, as every time a machine starts to talk after that there will be a brief broadcast to all interfaces. So, I’m thinking 30 seconds, but I’m not sure…
Any idea what the default is on commercial network gear? I’m thinking that Cisco stuff is five minutes, but that seems a little low to me…
Default ARP cache (which is what I assume you are asking) is 14,400 seconds (4 hours).
Thanks, but no. I’m actually wondering about the mac address cache. That is, the list which determines which Ethernet addresses are on which physical port.
Mac table cache, 5 minutes default.
It also looks like that is the minimum. Hmm. I guess I could go with that. Once things are up they won’t exactly be moving ports very often.
As the switch tables build, the number of broadcasts across the switch should reduce in number. They may show up on a ‘show interfaces’ command but I don’t believe that it’ll hit every port.
I’m not actually doing this on Cisco kit… I’ve got an old Powermac G4 here, partially stuffed with NICs (currently six ports, soon to be 13 or so), running OpenBSD. I was a bit confused why things weren’t working earlier, then I realized that it might just be the address cache. Dumping that down to five seconds cleared it right up.
Also, I doubt there’d be an RFC for it, since internet-related stuff is normally handled using actual routing protocols.
What are you doing with that? Building a DMZ?
Maybe not an RFC so much as a “We can all agree that xxx seconds should be the norm.”
My concern would be that with a 5 second cache you’ve just built a great hub out of it.
Well, not really, because after the first packet it becomes directed, but I think five seconds is a bit too short. Five minutes seems okay, though.
And, I’ve got this box here, so I spent $25 on a serial port for it, $24 for another four-port NIC, and $20 on a small CF adapter (w/DMA support) which plugs right into the port. I want one central, all-knowing network device; a trashwall of sorts. Something which can do all the normal NAT, DHCP/DNS/DDNS, DNS cache stuff, but also make it easy to span ports, do WOL, per-port monitoring, prioritizing ACKs over everything else on the outbound interface, things like that.
Also, I’ve brought consumer grade NAT devices to their knees before participating in very popular torrents. Having a box like this doesn’t fall over like that and gives me loads more to do. Oh, and it’s only taking 43 watts right now. That’s a good bit more than a stand-alone box, but it will hopefully be a lot more powerful.
True. I’m just not having a good day today, I should’ve caught myself on that.
What about 60 seconds? Judging from the traffic you are talking about going through it, it’s going to be either very short (DDNS registration) or very long (a torrent; I’ve never used that).
Sounds like you’ve got it already thought out. :)
60 might be okay, but 300 or even 600 might be fine as well. It’s really rare that I’ll actually switch machines between ports, so I could maybe even do the default 2400.
And, worst case, I can always go in and simply brconfig bridge0 deladdr 1:2:3:4:5:6.
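Since the thread keeps circling back to what a short versus long aging time actually does to a learning bridge, here is a small simulation of one. It is an added example, not code from the thread or from OpenBSD's bridge(4); the MAC addresses, port numbers and timings are constructed, and `deladdr` stands in for what `brconfig bridge0 deladdr` does on the real box. It shows the two failure modes discussed above: a stale entry sending frames to the old port after a host is re-cabled (the long-timeout problem), and every frame being flooded when the timeout is shorter than the gap between frames (the "great hub" problem).

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed sample hosts (not real addresses).
A = "00:00:00:00:00:0a"
B = "00:00:00:00:00:0b"


@dataclass
class Frame:
    src: str
    dst: str


class LearningBridge:
    """Transparent learning bridge with a per-entry aging timer, modelled
    after how a switch's MAC address table behaves (hypothetical model)."""

    def __init__(self, ports, aging_seconds):
        self.ports = list(ports)
        self.aging = aging_seconds
        self.table = {}        # mac -> (port, last_seen_time)
        self.flood_count = 0   # frames that had to go out every port

    def _expire(self, now):
        # Drop entries not refreshed within the aging window.
        stale = [m for m, (_, seen) in self.table.items() if now - seen > self.aging]
        for m in stale:
            del self.table[m]

    def deladdr(self, mac):
        # Manual flush of one entry, the equivalent of `brconfig bridge0 deladdr`.
        self.table.pop(mac, None)

    def forward(self, frame, in_port, now):
        """Return the list of ports the frame is sent out of."""
        self._expire(now)
        # Source learning: the sender is reachable via the ingress port.
        self.table[frame.src] = (in_port, now)
        entry = self.table.get(frame.dst)
        if frame.dst == BROADCAST or entry is None:
            self.flood_count += 1
            return [p for p in self.ports if p != in_port]
        port, _ = entry
        if port == in_port:
            return []          # destination is on the ingress segment; filter it
        return [port]


def stale_entry_scenario(aging):
    """A (port 1) and B (port 2) exchange one frame each, then A is moved to
    port 3 without transmitting.  Returns where B's next frame to A goes at t=30."""
    br = LearningBridge(ports=[1, 2, 3], aging_seconds=aging)
    br.forward(Frame(A, B), in_port=1, now=0)   # A learned on port 1
    br.forward(Frame(B, A), in_port=2, now=1)   # B learned on port 2
    # A is re-cabled to port 3 but stays quiet, so nothing re-learns it.
    return br.forward(Frame(B, A), in_port=2, now=30)


def manual_flush_scenario(aging=240):
    """Same as above with a long timeout, but the admin deletes A's entry by hand."""
    br = LearningBridge(ports=[1, 2, 3], aging_seconds=aging)
    br.forward(Frame(A, B), in_port=1, now=0)
    br.forward(Frame(B, A), in_port=2, now=1)
    br.deladdr(A)
    return br.forward(Frame(B, A), in_port=2, now=30)


def chatty_hosts_scenario(aging, interval=10, frames=6):
    """A and B alternate one frame every `interval` seconds.
    Returns how many of those frames were flooded to every port."""
    br = LearningBridge(ports=[1, 2, 3], aging_seconds=aging)
    t = 0
    for i in range(frames):
        src, dst, port = (A, B, 1) if i % 2 == 0 else (B, A, 2)
        br.forward(Frame(src, dst), in_port=port, now=t)
        t += interval
    return br.flood_count


if __name__ == "__main__":
    print("240s aging, host moved:", stale_entry_scenario(240))   # [1]  (old port)
    print("5s aging, host moved:  ", stale_entry_scenario(5))     # [1, 3] (flooded)
    print("deladdr instead:       ", manual_flush_scenario())     # [1, 3]
    print("floods @5s aging:      ", chatty_hosts_scenario(5))    # 6 of 6
    print("floods @300s aging:    ", chatty_hosts_scenario(300))  # 1 of 6
```

With a 240 second timer the re-cabled host's frames keep going to the old port until the entry ages out, which is the symptom described at the top of the thread; with a 5 second timer the entry expires before the next frame and the bridge floods, so the frame reaches the new port, but the same expiry makes hosts that talk less often than every 5 seconds get flooded every time, which is the hub-like behaviour raised later. In practice the moved host usually transmits something itself (a DHCP request, an ARP reply) and is re-learned on the new port straight away, so the long timer only bites when the moved machine stays silent.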
This conversation is pretty much Greek to me; I’m just happy that box didn’t end up taking up space in a landfill yet. Which it would have, if Migration Assistant had worked with that model and I’d been able to get my iTunes and stuff off it on my own. I’m already going to that special spot in hell reserved for photographers who go through batteries by the dozen; adding old dying computers to my landfill in hell was adding to my ecological guilt.
I think I’m just going to name this thing ‘trashwall’, since it’s pretty much a firewall made of trash. The only purchased-new part for it is the compact flash adapter.
Any idea about non-Cisco stuff?
Not so much, but I would figure that most network devices share some sort of commonality about them. Not sure if there is an RFC for mac table caching or not.