Which configurations may affect ARP entry update on the device

In normal cases, the device dynamically learns and updates ARP entries through ARP packets. The dynamic ARP entries can be overridden by static ARP entries. Each dynamic ARP entry has the aging time. When the aging time expires, the device sends an ARP probe packet. If the device receives an ARP Reply packet within certain probe attempts, it updates the ARP entry. If the device does not receive any ARP Reply packet beyond the configured probe attempts, it deletes the entry.

Except dynamic ARP aging parameters, some configurations on the device may affect the aging and update of dynamic ARP entries. The common related configurations are described as follows:

MAC address-triggered ARP entry update function

By default, the aging time of MAC entries is five minutes and that of ARP entries is 20 minutes. In some scenarios, MAC entries may have been updated while ARP entries have not been updated, which affects user services.

After you run the mac-address update arp command to enable the MAC address-triggered ARP entry update function, the device updates outbound interfaces in ARP entries immediately when outbound interfaces in MAC address entries change. This prevents user service interruption.

Spanning Tree Protocol

By default, the device immediately replies to topology checksum (TC) BPDUs. That is, the device ages or deletes ARP entries after receiving TC BPDUs.
When the STP convergence mode is fast, the device directly deletes the mapping ARP entry after receiving TC BPDUs.

When the STP convergence mode is normal, the device immediately ages the mapping ARP entry after receiving TC BPDUs. That is, the device sets the entry's remaining life time to 0. If the number of ARP probe attempts configured is greater than 0, the device detects whether the ARP entry ages.

If STP is configured on the network, you are advised to configure the interfaces connecting the device to a user terminal (such as a host) as an edge port and configure the BPDU protection function. Otherwise, a large number of TC BPDUs will lower the convergence speed of the STP network topology, and affect ARP entry update and maintenance, and user services.

You can run the arp topology-change disable command to disable the device from aging and deleting ARP entries when receiving TC BPDUs. You are advised to use this function together with the MAC address-triggered ARP entry update function.

Strict ARP learning

After this function is enabled, the device learns ARP entries only when it receives the ARP Reply packet in response to the locally sent ARP Request packets.

ARP-CPCAR

The device can set the default CPCAR values for the packets of each protocol. The CPCAR values of some protocol packets need to be adjusted based on the actual service scale and user network. When many users are connected to the device and a smaller CPCAR value is set for ARP Request and Reply packets, ARP packets may be lost (you can run the display cpu-defend statistics all command to check whether the packets are lost) and ARP entry learning and update are affected. In this case, you can adjust the CPCAR value for ARP packets. Run the display arp statistics all command to check the statistics on ARP entries, and change the CPCAR value for ARP Request/Reply packets accordingly. Improper CPCAR settings will affect services on your network. If you need to adjust CPCAR settings, you are advised to contact Huawei technical personnel for help.

ARP attacks on the network also affect learning and update of dynamic ARP entries. You are advised to find the attack source and configure the anti-attack function.

Scroll to top