North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
RE: TCP session disconnection caused by Code Red?
> The immediate problem with this is that it requires a *MUCH* larger ARP > cache. Rather than needing enough memory for a couple of thousand active > entries (the current norm for middle-of-the road routers), you need enough > room for every possible address on every attached segment. > Eric A. Hall http://www.ehsco.com/ Weight that against the advantages, however. If you have a large address space for the segment with few attached hosts (the case where this is a problem), you're better off with a lot of negative entries cached then with a lot of active ARP attempts. One thing I see a lot of on segments with large address spaces is that the quantity of ARP traffic can get high. Each ARP request causes an interrupt on each attach host on the segment. I'd rather the router have a larger ARP cache than the network have more broadcast traffic. I'm curious what kind of algorithms my routers currently use. If it's one packet per second with five retries -- consider a network with a /22 that's only half full. You could see as much as 512 broadcast packets a second just from one router. Sounds like an interesting technique for getting amplification by a factor of 5 -- 5 broadcast packets for every unicast packet you send. Smarter rate limiting sounds like a win. DS