Manage Router’s ARP Cache

Address Resolution Protocol (ARP) cache is a table where router or computer is keeping Layer 2 MAC addresses to Layer 3 IP addresses mappings which hw resolved lately. Without MAC to IP mapping the device would not be able to build and send IP packets.

Device discovers the MAC to IP mapping using ARP protocol Broadcast requests on the local subnet and saves the mapping in the ARP cache. If a device wants to send a packet to a neighbour, and it doesn’t have a corresponding MAC address, it sends out a broadcast ARP request packet. This broadcast packet reaches every device on the local subnet. Everybody will receive that ARP request packet but only the one device with the IP address mentioned in  ARP broadcast request packet responds back with an ARP response packet to complete the process.

Some devices are also sending a gratuitous ARP packet when they first connect to the network. With a gratuitous ARP every device on the LAN segment will know that there is a new device on LAN segment before asking for his presence. Every PC will receive this packet so it can update its ARP cache in case there is ever a need to talk to this new device.

The ARP request and response process are delaying packet processing. ARP request packets go to all device on the subnet and in that way they spend unnecessary CPU cycles for packet processing of packets not destined to those hosts. If there are too many ARP broadcasts on the segment, it can cause traffic congestion and CPU load on devices.

So to keep the ARP traffic low, IP devices maintain a cache of ARP entries resolved lately. Old entries that are not used for some time will eventually get cleared out of the table.

Configurations of ARP cache timeout for Cisco and Juniper device:

Cisco – ARP manage

Cisco router use an ARP cache timeout period of four hours. This means that if the router hasn’t sent or received any packets with a particular address for the last four hours, it will flush the ARP entry from its cache. This period usually works well on Ethernet networks but there are special situations when you can improve network performance by changing this period.

To set different ARP timeout value from default one, use the arp timeout configuration command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#arp timeout 900

Reduction of the ARP timeout period to 900 seconds – 15 minutes:

Router1(config-if)#arp timeout 900 

Show ip arp command shows router’s ARP cache:

Router1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet              8   0001.9670.b780  ARPA   Ethernet0
Internet              -   0000.0c92.bc6a  ARPA   Ethernet0
Internet              9   0010.4b09.5700  ARPA   Ethernet0
Internet              2   0010.4b09.5715  ARPA   Ethernet0

This output includes the IP address, Age in minutes, MAC address, and the Interface information for each ARP entry. You can also show particular IP address mapping with the show ip arp command  when you are only interested in particular entries:

Router1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet              2   0001.9670.b780  ARPA   Ethernet0

The same command works with MAC address, as follows:

Router1#show ip arp 0010.4b09.5715
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet              3   0010.4b09.5715  ARPA   Ethernet0

Or you can get a listing of ARP information for a particular router interface:

Router1#show ip arp Ethernet0
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet              4   0001.9670.b780  ARPA   Ethernet0
Internet              -   0000.0c92.bc6a  ARPA   Ethernet0
Internet              2   0010.4b09.5700  ARPA   Ethernet0
Internet              4   0010.4b09.5715  ARPA   Ethernet0

To manually clear the router’s entire ARP cache, use the clear arp command:

Router1#clear arp

Show interface command shows ARP timeout setting for a particular interface:

Router1#show interface Ethernet0
Ethernet0 is up, line protocol is up
  Hardware is Lance, address is 0000.0c92.bc6a (bia 0000.0c92.bc6a)
  Internet address is
  MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec, rely 255/255, load 1/255
  Encapsulation ARPA, loopback not set, keepalive set (10 sec)
  ARP type: ARPA, ARP Timeout 00:10:00

Juniper – ARP manage

Normal ARP ageing timer on Juniper devices is set to 20 minutes. In enterprise network with many directly attached hosts, such as metro Ethernet, increasing the time between ARP updates can improve performance. However, in other cases is better to lower the ARP ageing timer value to prevent the flooding of traffic and improve performance.

In JUNOS the range of the ARP ageing timer is from 1 through 240 minutes.

To configure a system-wide ARP ageing timer, include the ageing-timer statement at the [edit system arp] hierarchy level:

[edit system arp]
ageing-timer minutes;

You can configure the ARP ageing timer for each logical interface of family type inet. To configure the ARP ageing timer on the logical interface level, we must go at the [edit system arp ageing-timer interface interface-name] hierarchy level:

[edit system arp ageing-timer interface interface-name]
ageing-timer ageing-timer-minutes;

One Response

  1. Anne Savoie March 7, 2017

Leave a Reply