Large IP Block = Lots of ARP traffic

The company I work for owns a /18 - all of which exists at one location and is routed by a single router. There is no subnetting or VLAN in place, so each host is seeing a TON of ARP traffic. Also the router is struggling during peak usage times and I think that if I could cut down the amount of ARP it had to do I could stretch the life of the router. A big problem is that many of the 200+ machines have IPs on them that span many possible subnets, so it would be difficult to use VLANs to solve this problem. And would VLANs even really solve this problem? Wouldn't the router still have to do a ton of ARPing, only not every host would see every ARP? Can someone explain to me how this works? Wouldn't every VLAN still see every ARP because they go out to 255.255.255.255?

Basically here is the current network design: internet - cisco router - cisco L3 switch - - hosts. I suppose internet - cisco router - cisco L3 switch - host would not be out of the question for us to implement, but can someone explain to me how a setup like this would work and reduce overall ARPs?

Any ideas, requests for more info, etc... would be great.

Thanks!

Reply to
laxman22

You have to use VLANs, they will resolve the problem for the host but you will have to do IP renumbering. The broadcast will be segmented per VLAN, so, the broadcast from VLAN X won't be seen on VLAN Y. The router will still be seeing all the ARPs, so, if it is overloaded probably you will not resolve anything about that with VLANs.

-as

Reply to
aservin
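The point in the reply above (hosts stop seeing each other's broadcasts, but the gateway still ARPs once per unresolved address) can be checked with a small model. This is an added example, not code from the thread or from any of the posters; it uses a constructed 10.0.0.0/18 in place of the company's real block and a constructed sweep of every 16th address, and it assumes the gateway has no cache entry for any swept address (as with a scan of mostly unused space):

```python
import ipaddress
from collections import Counter

# Constructed stand-in for the company's /18 (the thread never names the real block).
BLOCK = ipaddress.ip_network("10.0.0.0/18")


def broadcast_domains(block, new_prefix=None):
    """Split `block` into the broadcast domains a VLAN design would create.
    With new_prefix=None the block stays one flat domain (the current design)."""
    if new_prefix is None:
        return [block]
    return list(block.subnets(new_prefix=new_prefix))


def sweep_targets(block, step=1):
    """Constructed scan: every `step`-th usable address of the block, as a scanner
    sweeping the whole range from the Internet would touch them."""
    return [str(a) for a in list(block.hosts())[::step]]


def arp_requests_for_sweep(block, targets, new_prefix=None):
    """Model the gateway ARPing once for every swept address it has no cache entry for.

    Returns (requests_sent_by_gateway, requests_flooded_per_domain).
    The gateway count does not change with VLANs: it still sends one request per
    target. A host only sees the requests flooded into its own broadcast domain,
    so the per-domain figure is what each host's NIC has to process."""
    domains = broadcast_domains(block, new_prefix)
    flooded = Counter()
    for t in targets:
        addr = ipaddress.ip_address(t)
        for d in domains:
            if addr in d:
                flooded[d] += 1
                break
    gateway_total = sum(flooded.values())
    return gateway_total, flooded


def per_host_reduction(block, targets, new_prefix):
    """Factor by which the worst-case per-host ARP count drops when the flat
    block is split into /new_prefix broadcast domains."""
    _, flat = arp_requests_for_sweep(block, targets)
    _, split = arp_requests_for_sweep(block, targets, new_prefix)
    return max(flat.values()) / max(split.values())


if __name__ == "__main__":
    targets = sweep_targets(BLOCK, step=16)
    for prefix in (None, 22, 24):
        total, flooded = arp_requests_for_sweep(BLOCK, targets, prefix)
        label = "flat /18" if prefix is None else f"/{prefix} VLANs"
        print(f"{label:10s} gateway sends {total:5d} ARP requests; "
              f"a host sees at most {max(flooded.values()):5d}")
```

Run it and the gateway column is identical for every design while the per-host column shrinks with the domain size, which is exactly why VLANs help the hosts but not an overloaded router; the prefix 24 case cuts what each host sees by a factor of 64 without changing the gateway's work at all.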

So do you know of a good way to reduce the ARPs seen by the router? Is it just not possible without another router under it? If someone is scanning my entire IP range the router is going to always try to ARP, right? I can't pass that off to a L3 switch?

Reply to
laxman22

How about a Firewall between the Internet and your LAN? That way, portscans won't even get to your router ... Apart from that, it sounds like your best choice would be a re-organization of the whole network, a /18 LAN sounds sick ... ;)

-gg

Reply to
Garry
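Whether sweeps from outside are actually what drives the router's ARP load is something you can measure before rearranging the network: a gateway that is being used to sweep the range shows up as one sender asking "who-has" for a large number of distinct addresses that never answer. The following is an added example, not code from the thread; it parses tcpdump-style ARP request lines (the `ARP, Request who-has X tell Y` format tcpdump prints with `-n`) and counts distinct targets per sender. The log lines are constructed, the 10.0.0.1 gateway and the alert threshold are assumptions:

```python
import re
from collections import defaultdict

# tcpdump -n prints ARP requests as, e.g.:
#   12:00:01.000123 ARP, Request who-has 10.0.5.7 tell 10.0.0.1, length 28
ARP_REQ = re.compile(
    r"ARP, Request who-has (?P<target>\d+\.\d+\.\d+\.\d+) "
    r"tell (?P<sender>\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample: the gateway (10.0.0.1, assumed) asking for six different
# addresses in quick succession, one ordinary host resolving its gateway twice,
# an ARP reply, and an unrelated line that the parser must ignore.
SAMPLE_LOG = """\
12:00:01.000123 ARP, Request who-has 10.0.5.7 tell 10.0.0.1, length 28
12:00:01.000400 ARP, Request who-has 10.0.5.8 tell 10.0.0.1, length 28
12:00:01.000700 ARP, Request who-has 10.0.5.9 tell 10.0.0.1, length 28
12:00:01.001000 ARP, Request who-has 10.0.0.1 tell 10.0.3.9, length 46
12:00:01.001200 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 28
12:00:01.001300 ARP, Request who-has 10.0.5.10 tell 10.0.0.1, length 28
12:00:01.001600 ARP, Request who-has 10.0.5.11 tell 10.0.0.1, length 28
12:00:01.001900 IP 10.0.3.9.54321 > 10.0.0.1.53: 12345+ A? example.org. (29)
12:00:01.002200 ARP, Request who-has 10.0.5.12 tell 10.0.0.1, length 28
12:00:01.002500 ARP, Request who-has 10.0.0.1 tell 10.0.3.9, length 46
""".splitlines()


def parse_arp_requests(lines):
    """Return (sender, target) pairs for every ARP request line; other lines are skipped."""
    pairs = []
    for line in lines:
        m = ARP_REQ.search(line)
        if m:
            pairs.append((m.group("sender"), m.group("target")))
    return pairs


def fanout_by_sender(pairs):
    """Number of distinct targets each sender asked for. Normal hosts resolve a
    handful of peers; a sweep relayed by the gateway gives it a very wide fan-out."""
    targets = defaultdict(set)
    for sender, target in pairs:
        targets[sender].add(target)
    return {sender: len(t) for sender, t in targets.items()}


def flag_sweeps(pairs, threshold):
    """Senders whose distinct-target count reaches `threshold` (assumed tuning value)."""
    return sorted(s for s, n in fanout_by_sender(pairs).items() if n >= threshold)


if __name__ == "__main__":
    pairs = parse_arp_requests(SAMPLE_LOG)
    for sender, n in sorted(fanout_by_sender(pairs).items()):
        print(f"{sender:15s} asked for {n} distinct addresses")
    print("suspected sweep via:", flag_sweeps(pairs, threshold=5))
```

On a real capture the threshold and window need tuning to the site, but if the gateway's own address is the one with the wide fan-out, that is evidence for putting the filtering in front of the router as suggested, since the requests it generates for unreachable addresses are work that a firewall dropping the sweep would have spared it.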

You may wish to look at Private VLAN feature together with turning on "ip local proxy-arp" on L3 switch. "A protected port does not forward any traffic (unicast, multicast, or broadcast) to any other port that is also a protected port in the same switch and hence providing isolation"

Putting each of 15 L2 switches into its own PVLAN on the L3 switch will drastically reduce ARP traffic - at the expense of the L3 switch, which would have to answer 15 times more ARP requests. HTH. Cheers, Alex

Reply to
Alex

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.