Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Untanglit
    Join Date
    Feb 2017
    Posts
    17

    Default ARP Timer Setting

    I have been having issues with the internet dropping pretty much every 4 hours. Causing attempting to reconnect on remote users. Local users see it if they are utilizing cloud based apps - but for the most part it goes unnoticed in the local office. I can see it in the logs. Working with the local ISP and they said that the ARP timeout needs to be set to 1 hour or less instead of 4 hours. I cannot find an option to adjust. The disconnects only last a few seconds - but enough to interrupt things.
    Last edited by FlyboyLDB; 09-24-2020 at 08:17 AM.

  2. #2
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,410

    Default

    Open a support ticket is what I would do. My guess making it 1 hour might make it 4 times worse. LOL

  3. #3
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,321

    Default

    The GUI has no field for this setting. I would open a feature request. https://feedback.untangle.com/
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,810

    Default

    4 hours for an ARP timeout? In the age of wifi and roaming between access points moment to moment, that's kind of insane. 1 hour or less? It's only a few minutes here for most cases.

    4 hours was the old default on cisco equipment before NXOS. Newer Cisco devices use 25 minutes, and newer HP/Aruba devices use 20 minutes.

    That said, if ARP expirations are causing issues, you likely have deeper problems in the network.
    Last edited by jcoehoorn; 09-24-2020 at 09:13 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541

    Default

    Yeah, ARP needs to get an answer when it asks, doesn't matter how frequently.

    If your ISP cannot ensure an ARP response from your cable modem (or whatever is in that position) to your device when they're separated by inches of networking cable... You have issues... big monster sized ones. Get a new ISP level issues. I realize that may not be possible, but that's the realm we're dealing with.

    By the way, the default Debian "base_reachable_time", which is the ARP cache timeout, is 30min. Which is exactly what Untangle uses.

    Your ISP support hasn't fixed their network, and they're blowing smoke up your arse to get you off the phone. ARP must respond whenever a device asks, if it doesn't you're down. Period... end of sentence. If you have a frame delivery problem sufficient to prevent ARP, nothing else is passing that link either.

    I suggest you call them back and get a new tech, because the one you spoke with that gave you this swill needs schooling, then training. He or she is way off the reservation. Though I suppose it is useful to know that if you had an older Cisco device on this link you'd have a problem. But that isn't the case here, Untangle checks ARP every half hour.
    Last edited by sky-knight; 09-24-2020 at 09:47 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Untanglit
    Join Date
    Feb 2017
    Posts
    17

    Default

    I was told Untangle is using 4 hours. I have no idea what the current Cisco is using - but it is amendable from their UI. EPB (ISP) is top notch. Was the first in the US to offer gig fiber to every business\residential in the Chattanooga area. Only have I ran into this issue with Untangle appliances on their system.....so it points to Untangle. It's unfortunate that we will have to roll back to SonicWall or Cisco. Like clock work the Untangle WAN port disconnects every 4 hours with the arp. I did open up a support ticket. Was told to create a cronjob from the command line to run every when I need it to.

  7. #7
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,410

    Default

    Acording to this https://www.embeddedsystemtesting.co...x-windows.html linux default is 60 minutes.
    On my 16.0 RC
    Code:
    cat /proc/sys/net/ipv4/neigh/eth0/gc_stale_time
    60
    So where did they get 4 hours?
    Last edited by donhwyo; 09-24-2020 at 02:39 PM. Reason: minutes not seconds

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541

    Default

    Who told you Untangle used 4 hours? Because whomever that was, is simply incorrect.

    You can see it for yourself if you wish open SSH to Untangle and do this:

    cat /proc/sys/net/ipv4/neigh/eth0/base_reachable_time

    It'll spit back 30.

    And for the record, gc_stale_time is NOT the timeout, that's how frequently the OS looks for stale records. base_reachable_time_ms or base_reachable_time reports now long the ARP entry is actually considered valid.

    Untangle uses Debian 10 defaults, I've verified this with a fresh Debian installation on both of these values. It will check for stale records once an hour, but the values themselves expire every half hour. In effect, this means the ARP entries die every hour.

    Untangle doesn't really muck about with ARP at all, the Debian kernel is doing all of that. That is, unless they've kicked the kernel to ignore sysctl variables.

    And I realize the ISP has treated you well, but what you're saying here is they're incompatible with Linux based routers. Which is bonkers, because the things you've said you'll roll back to are also Linux based routers.
    Last edited by sky-knight; 09-24-2020 at 01:39 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  9. #9
    Untanglit
    Join Date
    Feb 2017
    Posts
    17

    Default

    I spent some time on the phone with the ISP today going thru their logs. The ISP is saying their equipment sends out an arp request and if it does not get a response within 4 hours - then their equipment drops the connection. Once the connection re-establishes their equipment will wait another 4 hours for a response. According to the ISP - the Untangle box is not responding to the arp request. I guess my next step is to replace the Untangle box with another temp set up and see what happens. This would be a first for me to have a NIC port work fine for everything except arp responses.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,541

    Default

    That makes sense, and indeed strange. It's certainly not normal Untangle behavior.

    How old is that installation?
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2