Over-utilisation of v6 neighbour slots
Phil Mayers
p.mayers at imperial.ac.uk
Mon Oct 28 22:53:06 CET 2013
On 21/10/13 20:35, Phil Mayers wrote:
> Specifically, our Cisco 6500/sup720 ran out of IPv6 FIB slots, as
> num_routes + num_neighs exceeded 32k (the default IPv4/IPv6 TCAM split
> on this platform being 192k/32k).
I wanted to follow up on this. Some folks from Cisco kindly contacted me
off-list, and correctly guessed that a large number of the IPv6
neighbour entries were in state "STALE", and pointed me to the
relatively new:
    ipv6 nd cache expire <seconds>
...interface-level command. This wasn't in the IOS train we were running
until relatively recently, so I hadn't seen it before.
Having applied this, we saw a sharp drop in v6 neighbour count, although
it didn't seem to take effect on existing entries - I was able to force
it by flapping the interface and refreshing all the neighbours.
The entries seem to expire after "ipv6 nd cache expire" + "ipv6 nd
reachable-time" i.e. I see a max age in the neighbour table of 24
minutes for parameter values of "1200" and "300000" (in seconds and
milliseconds) respectively.
There are also a bunch of newer per-interface ND commands (per-IF ND
cache size limits, for example) that could help with resource
exhaustion, so people on Cisco gear should take a look.
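
An added example, not part of the original post: a small Python check that parses neighbour-table output, counts entries per state and interface, flags interfaces whose oldest entry has outlived "ipv6 nd cache expire" + "ipv6 nd reachable-time", and computes the headroom left when routes and neighbours share one IPv6 FIB pool. The sample table is constructed, its column layout is assumed to match IOS "show ipv6 neighbors", and the function names and route count are hypothetical.

```python
import re
from collections import Counter

# Constructed sample; column layout assumed to match IOS "show ipv6 neighbors".
# Addresses use the documentation prefix and are not taken from the post.
SAMPLE = """\
IPv6 Address                              Age Link-layer Addr State Interface
2001:DB8:10::1A                             0 0011.2233.4401  REACH Vl10
2001:DB8:10::2B                            23 0011.2233.4402  STALE Vl10
2001:DB8:10::3C                           181 0011.2233.4403  STALE Vl10
FE80::211:22FF:FE33:4403                  180 0011.2233.4403  STALE Vl10
2001:DB8:20::4D                             0 -               INCMP Vl20
2001:DB8:20::5E                            12 0011.2233.4405  STALE Vl20
"""

ROW = re.compile(r"^(?P<addr>[0-9A-Fa-f:]+)\s+(?P<age>\d+|-)\s+(?P<mac>\S+)\s+"
                 r"(?P<state>[A-Z]+)\s+(?P<ifname>\S+)\s*$")

def summarise(text):
    """Per-interface state counts and oldest entry age in minutes."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        s = stats.setdefault(m["ifname"], {"states": Counter(), "max_age": 0})
        s["states"][m["state"]] += 1
        if m["age"] != "-":  # "-" marks an entry with no age (e.g. static)
            s["max_age"] = max(s["max_age"], int(m["age"]))
    return stats

def overdue(stats, expire_s, reachable_ms):
    """Interfaces whose oldest entry outlives expire + reachable-time."""
    limit_min = (expire_s + reachable_ms / 1000) / 60
    return sorted(i for i, s in stats.items() if s["max_age"] > limit_min)

def fib_headroom(num_routes, stats, fib_slots):
    """Slots left when routes and neighbours share one IPv6 FIB pool."""
    neighs = sum(sum(s["states"].values()) for s in stats.values())
    return fib_slots - (num_routes + neighs)

if __name__ == "__main__":
    st = summarise(SAMPLE)
    for ifname, s in sorted(st.items()):
        print(ifname, dict(s["states"]), "max age", s["max_age"], "min")
    print("overdue:", overdue(st, 1200, 300000))
    # 32 * 1024 is an assumed reading of the post's "32k"; 31990 is made up.
    print("headroom:", fib_headroom(31990, st, 32 * 1024))
```

An interface that still appears in the overdue list after the expiry timer has been configured is a candidate for the refresh described in the post.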