High ARP cache usage-juniper-junos
Indeni will alert when the number of ARP entries stored by a device is nearing the allowed limit.
Identify the cause of the large ARP table. If it is due to a legitimate cause, such as a high number of hosts visible on the available networks, please contact your technical support provider.
name: junos-show-arp-no-resolve
description: JUNOS get ARP table information
type: monitoring
monitoring_interval: 5 minute
requires:
    vendor: juniper
    os.name: junos
    product: firewall
comments:
    arp-total-entries:
        why: |
            A network device which forwards traffic needs to know the MAC addresses of devices it is directly connected to, so it can send traffic on layer 2. To do this, it uses ARP requests. The ARP replies are stored in a cache, which allows the device to avoid repeating ARP requests for the same destination IP. The ARP cache has a finite size to avoid using up all of the available memory. If the ARP cache fills up with entries, some traffic may be dropped or drastically slowed down.
        how: |
            This script retrieves the information from the ARP table over an SSH connection to the device by running the "show arp no-resolve" command.
        can-with-snmp: false
        can-with-syslog: false
    arp-table:
        why: |
            The ARP table stores the mapping between IPs and MAC addresses to minimize ARP traffic. The size of the ARP table and incorrect mappings between IPs and MAC addresses can create many different issues for the network, so it is critical to monitor it.
        how: |
            This script retrieves the information from the ARP table over an SSH connection to the device by running the "show arp no-resolve" command. It then extracts IPs, MAC addresses, interfaces and status. It also shows the total number of entries in the ARP table.
        can-with-snmp: true
        can-with-syslog: false
steps:
-   run:
        type: SSH
        command: show arp no-resolve | display xml
    parse:
        type: XML
        file: show-arp-no-resolve.parser.1.xml.yaml
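The following is an added example, not Indeni's parser or rule code: it parses the XML produced by "show arp no-resolve | display xml", computes ARP cache usage against a limit, and counts entries per interface to help identify where a large table comes from. The sample XML is constructed, and `arp_limit` and the 80% threshold are assumptions, since the page does not state the device limit or the alert threshold.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _entry(ip, mac, ifname):
    return (f"<arp-table-entry><mac-address>{mac}</mac-address><ip-address>{ip}"
            f"</ip-address><interface-name>{ifname}</interface-name></arp-table-entry>")

# Constructed sample of "show arp no-resolve | display xml" output, not a device capture.
SAMPLE_XML = (
    '<rpc-reply xmlns:junos="http://xml.juniper.net/junos/15.1X49/junos">'
    '<arp-table-information xmlns="http://xml.juniper.net/junos/15.1X49/junos-arp">'
    + _entry("192.0.2.1", "00:00:5e:00:53:01", "ge-0/0/0.0")
    + _entry("198.51.100.10", "00:00:5e:00:53:0a", "ge-0/0/1.0")
    + _entry("198.51.100.11", "00:00:5e:00:53:0b", "ge-0/0/1.0")
    + _entry("198.51.100.12", "00:00:5e:00:53:0c", "ge-0/0/1.0")
    + "<arp-entry-count>4</arp-entry-count></arp-table-information></rpc-reply>"
)

def _local(tag):
    # Drop the namespace: it embeds the Junos release and differs between devices.
    return tag.rsplit("}", 1)[-1]

def parse_arp(xml_text):
    """Return ([(ip, mac, interface), ...], reported_count or None)."""
    entries, reported = [], None
    for el in ET.fromstring(xml_text).iter():
        name = _local(el.tag)
        if name == "arp-table-entry":
            f = {_local(c.tag): (c.text or "").strip() for c in el}
            entries.append((f.get("ip-address"), f.get("mac-address"),
                            f.get("interface-name")))
        elif name == "arp-entry-count" and el.text:
            reported = int(el.text.strip())
    return entries, reported

def assess(xml_text, arp_limit, threshold_pct=80.0):
    """arp_limit and threshold_pct are assumptions; use the platform's documented limit."""
    entries, reported = parse_arp(xml_text)
    total = max(len(entries), reported or 0)  # tolerate a missing or stale count
    usage = 100.0 * total / arp_limit
    by_interface = Counter(ifname for _, _, ifname in entries).most_common()
    return {"total": total, "usage_pct": usage,
            "alert": usage >= threshold_pct, "by_interface": by_interface}

if __name__ == "__main__":
    print(assess(SAMPLE_XML, arp_limit=5))
```

An interface that holds most of the entries is the first place to look when deciding whether the table size reflects legitimate hosts.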