High ARP cache usage-juniper-junos

Knowledge
, , ,
#1

High ARP cache usage-juniper-junos

Vendor: juniper

OS: junos

Description:
Indeni will alert when the number of ARP entries stored by a device is nearing the allowed limit.

Remediation Steps:
Identify the cause of the large ARP table. If it is due to a legitimate cause, such as a high number of hosts visible on the available networks, please contact your technical support provider.

junos-show-arp-no-resolve

name: junos-show-arp-no-resolve
description: JUNOS get ARP table information
type: monitoring
monitoring_interval: 5 minute
requires:
  vendor: juniper
  os.name: junos
  product: firewall
comments:
  arp-total-entries:
    why: |
      A network device which forwards traffic needs to know the MAC addresses of devices it is directly connected to, so it can send traffic on layer 2.
      To do this, it uses ARP requests. The ARP replys are stored in a cache which allows the device to avoid doing ARP requests again and again for the same destination IP.
      The ARP cache has a finite size to avoid using up all of the available memory. If the ARP cache fills up with entries, some traffic may be dropped or drastically slowed down.
    how: |
      This script retrieves the information from the ARP table via SSH connection to the device by running the "show arp no-resolve" command.
    can-with-snmp: false
    can-with-syslog: false
  arp-table:
    why: |
      The ARP table stores the mapping between IPs and MAC addresses to minimize the ARP traffic.
      The size of the ARP table and the incorrect mapping between IPs and MAC addreses can create many different issues for the network. So it is critical to monitor it.
    how: |
      This script retrieves the information from the ARP table via SSH connection to the device by running the command  "show arp no-resolve" command.
      Then it extracts IPs, MAC addresses, interfaces and status. It also shows the total entries in the ARP table.
    can-with-snmp: true
    can-with-syslog: false
steps:
  -   run:
        type: SSH
        command: show arp no-resolve | display xml
      parse:
        type: XML
        file: show-arp-no-resolve.parser.1.xml.yaml

arp_neighbor_overflow

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/arp_neighbor_overflow.scala