4. Refreshing ARP table

Refreshing ARP table

  • J

    hi there

    is there any way to make pfsense update it's ARP table more frequently (or not hold a cache at all)?

    Reasons being is that I have a Repeater bridge set up between 2 dd-wrt access points which are used for connecting to a remote voip server over the pfsense IPSEC VPN. Repeater Bridge setups don't preserve the MAC addresses (so effectivly, the MAC address of the voip wifi phone appears to change while I roam between these access points). I feel this is causing a 30 second or so lag before 2 way audio returns (voice from wifi phone to other party hardly drops at all). It's possible that pfsense is sending the RTP (voice) packets to a mac address which isn't reachable anymore…

    Am I making sense?

    Cheers

    0
  • K

    I replied to your other post as well, but I'll reiterate here as the post is more relevant in this context.

    What you're suggesting does make sense if the MAC of the remote host is changing frequently. I'd think that if a persistent connection is desired, that some device (either the roaming device or the device mangling its MAC) would announce a change to the network with a broadcast. If that's not happening, you can tune the caching with 'net.link.ether.inet.max_age'. I would not set it to zero (not sure it'll let you either), because you'll then be generating an arp request for every single packet that leaves your pfSense box, and arp requests are broadcasts so you'll be hugely increasing the overhead on your network (probably by several orders of magnitude). Even a cache age of a few seconds wouldn't be anywhere near as bad.

    Are you seeing a message like:

    arp: %d.%d.%d.%d moved from %x:%x:%x:%x:%x:%x to %x:%x:%x:%x:%x:%x on %s

    in the system log after/during the delays you're experiencing?

    0
  • J

    Thanks for your advice. I'll do some testing later and I'll let ya know how I got on.

    Just for the record, where do I find this net.link.ether.inet.max_age setting and how do I change it? What is it set to by default?

    Cheers

    0
  • K

    The default, at least on my boxes, seems to be 1200s (20m). You can set it temporarily (until reboot) with the command

    sysctl net.link.ether.inet.max_age=1200

    If you want to make it permanent, add a line to /etc/sysctl.conf

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy