
My developer's hypothesis is that the packet is getting dropped at the ARP layer. We increased the default value of neigh.default.gc_thresh3 from 1024 to 2048 and now everything looks good. But I want to understand whether there is a way to detect ARP packet loss. I tried to search for systemtap/tools but didn't find anything. Any help is really appreciated.

net.ipv4.neigh.default.gc_thresh3=<n>
Prashant Lakhera

1 Answer


There are several articles about ARP table overflow. This article has a good explanation. Also, you could check this bug.

Both articles say that you should see the error `neighbour: arp_cache: neighbor table overflow!` in your dmesg output, as was mentioned in the comment by user188737.

Alexander Tolkachev
  • Thanks Alexander and user188737, but I still have the same question: is dmesg the only way, or is there any tool or kernel probe to find out the error? – Prashant Lakhera Feb 19 '20 at 05:21
  • @PrashantLakhera you could monitor the number of addresses in the ARP cache with `arp -a | wc -l` and, if it is near the `net.ipv6.neigh.default.gc_thresh3` value, raise an alert. – Alexander Tolkachev Feb 19 '20 at 07:23
  • There is a lot of discussion about the gc_thresh values in this [nova compute bug](https://bugs.launchpad.net/charm-nova-compute/+bug/1780348). It seems you could also run into setting net.nf_conntrack_max and net.netfilter.nf_conntrack_max. And also be aware that there are separate settings for ipv4 and ipv6 arp cache thresholds. – Gerrit Feb 19 '20 at 21:27
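
Besides dmesg, the kernel keeps per-CPU neighbour cache counters; the script below is an added example (not part of the original question, answer or comments) that reads them and compares the entry count with gc_thresh3. It assumes the `/proc/net/stat/arp_cache` layout of a header row followed by one row of hexadecimal counters per CPU, including a `table_fulls` column; the function names, the 80% warning level and the embedded sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect neighbour (ARP) table pressure without grepping dmesg.
# Assumption: the stats file has a header row naming the columns and one row
# of hexadecimal counters per CPU (the layout of /proc/net/stat/arp_cache).

# Constructed sample in that layout (2 CPUs), used when no file is given.
SAMPLE='entries  allocs destroys hash_grows  lookups hits  res_failed  rcv_probes_mcast rcv_probes_ucast  periodic_gc_runs forced_gc_runs unresolved_discards table_fulls
000003fe  00001a2b 0000162d 00000003  0004c1d0 0004a0f1  00000012  00000000 00000000  000001c4 0000002a 00000007 00000005
000003fe  00000c10 00000812 00000000  00021f00 00021000  00000004  00000000 00000000  00000000 00000011 00000002 00000003'

# Read the stats table: the real file if a path is given, else the sample.
neigh_stats() { if [ -n "${1:-}" ]; then cat "$1"; else printf '%s\n' "$SAMPLE"; fi; }

# neigh_field NAME MODE [FILE]: print counter NAME in decimal.
# MODE=sum adds the per-CPU rows; MODE=first reads the first CPU row only
# (entries is a table-wide count repeated on every row). Exit 2 if NAME is absent.
neigh_field() {
    neigh_stats "${3:-}" | awk -v want="$1" -v mode="$2" '
        function hex(s,   i, n) {
            s = tolower(s); n = 0
            for (i = 1; i <= length(s); i++)
                n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
            return n
        }
        NR == 1 { for (i = 1; i <= NF; i++) if ($i == want) col = i; next }
        col && (mode == "sum" || NR == 2) { total += hex($col) }
        END { if (!col) exit 2; print total + 0 }'
}

# neigh_check THRESH3 [FILE]: print a verdict; return 1 if the table has
# overflowed or is at least 80% full. table_fulls is cumulative since boot,
# so a monitor should alert on its increase between two runs.
neigh_check() {
    entries=$(neigh_field entries first "${2:-}") || return 2
    fulls=$(neigh_field table_fulls sum "${2:-}") || return 2
    forced=$(neigh_field forced_gc_runs sum "${2:-}") || return 2
    pct=$((entries * 100 / $1))
    if [ "$fulls" -gt 0 ]; then
        echo "OVERFLOW entries=$entries/$1 table_fulls=$fulls forced_gc_runs=$forced"
        return 1
    elif [ "$pct" -ge 80 ]; then
        echo "WARN entries=$entries/$1 (${pct}%) forced_gc_runs=$forced"
        return 1
    fi
    echo "OK entries=$entries/$1 (${pct}%)"
}

# Usage on a live host:
#   neigh_check "$(sysctl -n net.ipv4.neigh.default.gc_thresh3)" /proc/net/stat/arp_cache
```

The same counters can be viewed interactively with `lnstat -f arp_cache` from iproute2.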