Too Much ARP-ing

Joel D. Kraft (kraft@alpha.CES.CWRU.Edu)
Sun, 26 Jan 97 21:18:31 EST

I have a machine running RedHat 4.0 with a custom built 2.0.27 kernel with
a Cabletron E2142 ethernet adapter. We have a rather large Class B network
that has about 5000 machines on it. There is some bad bridging, so the
section my machine is on probably has 200+ machines on it.

I'm getting flack from the network folks because the machine is issuing
up to 50 ARP requests per second. Now, the machine is basically a server
for email, WWW, and netatalk/samba, but does not get much traffic at all.

My arp table currently has about 260 ARP entries in it at all times, but
I know that my machine has not communicated with many of them at all, and
not recently with all but a few of the rest. From what traffic we have been
able to analyze on the network, my machine seems to be issuing an ARP
request for _every_ IP address that appears on the segment, even if the
traffic has nothing to do with my machine.

This is a typical scenario from tcpdump -p (my machine is jeff):
15:30:37.455806 arp who-has hunny.INS.CWRU.Edu tell ins02055.INS.CWRU.Edu
15:30:37.455806 arp who-has ins02055.INS.CWRU.Edu tell
16:27:55.025806 arp who-has hunny.INS.CWRU.Edu tell b64471.STUDENT.CWRU.Edu
16:27:55.025806 arp who-has b64471.STUDENT.CWRU.Edu tell
16:27:55.325806 arp who-has rabbit.INS.CWRU.Edu tell b62701.STUDENT.CWRU.Edu
16:27:55.325806 arp who-has b62701.STUDENT.CWRU.Edu tell

Is this behavior normal? My understanding of this procedure is that my
machine should _ONLY_ issue an ARP request when it needs to communicate
with someone for whom it doesn't know a physical address. It also will
CACHE the information from anyone else who issues a request. In the above
traffic, my ARP should have been updated with ins02055, b54471, and
b62701 since ALL the required information should have been in these request
packets. In my case, this seems to trigger a new request for each, and it
makes no sense to me.

Any help would be greatly appreciated before the network folks try to cut
me off!

 Joel D. Kraft    | Case Western Reserve University                ____ | Department of Computer Engineering & Science   \  /