How to Check and Modify Default ARP Cache Timeout in Linux (Debian/Kernel 3.x+)



In Linux systems, the Address Resolution Protocol (ARP) cache temporarily stores IP-to-MAC address mappings. The default timeout determines how long these entries remain valid before being refreshed. This becomes particularly important in network troubleshooting and performance tuning scenarios.

To inspect your current ARP cache timeout values (in milliseconds):

# gc_stale_time is reported in seconds
cat /proc/sys/net/ipv4/neigh/default/gc_stale_time
# base_reachable_time_ms is reported in milliseconds
cat /proc/sys/net/ipv4/neigh/default/base_reachable_time_ms

For interface-specific settings (replace eth0 with your interface):

cat /proc/sys/net/ipv4/neigh/eth0/gc_stale_time
cat /proc/sys/net/ipv4/neigh/eth0/base_reachable_time_ms

To temporarily change these values (effective until reboot):

# gc_stale_time takes seconds (60 s)
sudo sysctl -w net.ipv4.neigh.default.gc_stale_time=60
# base_reachable_time_ms takes milliseconds (30 s)
sudo sysctl -w net.ipv4.neigh.default.base_reachable_time_ms=30000

For permanent changes, add these lines to /etc/sysctl.conf:

# gc_stale_time takes seconds (60 s)
net.ipv4.neigh.default.gc_stale_time = 60
# base_reachable_time_ms takes milliseconds (30 s)
net.ipv4.neigh.default.base_reachable_time_ms = 30000

When debugging frequent ARP cache misses on a Debian server:

# Check current ARP table
arp -vn

# Monitor ARP traffic
sudo tcpdump -i eth0 arp

# Adjust timeout for testing
sudo sysctl -w net.ipv4.neigh.eth0.base_reachable_time_ms=120000

For kernel 3.x and newer, additional parameters might affect ARP behavior:

# ARP cache size limits
cat /proc/sys/net/ipv4/neigh/default/gc_thresh1
cat /proc/sys/net/ipv4/neigh/default/gc_thresh2
cat /proc/sys/net/ipv4/neigh/default/gc_thresh3

After making changes, verify with:

arp -a
ip neigh show

Monitor ARP cache statistics:

cat /proc/net/stat/arp_cache

In Linux systems, the Address Resolution Protocol (ARP) cache maintains a mapping between IP addresses and MAC addresses. The kernel automatically manages this cache with default timeout values that vary depending on your distribution and kernel version.

To inspect the current ARP cache timeout value on Debian systems, you can examine these kernel parameters:


# Check the base ARP cache timeout (in seconds)
cat /proc/sys/net/ipv4/neigh/default/gc_stale_time

# Check the base reachable time (in milliseconds)
cat /proc/sys/net/ipv4/neigh/default/base_reachable_time_ms

For temporary changes (lost after reboot):


# Set base reachable time to 30 seconds (30000ms)
sudo sysctl -w net.ipv4.neigh.default.base_reachable_time_ms=30000

# Set stale time to 60 seconds
sudo sysctl -w net.ipv4.neigh.default.gc_stale_time=60

For permanent changes, add these lines to /etc/sysctl.conf:


net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.gc_stale_time = 60

Here's a Python script to monitor ARP cache changes with custom timeout settings:


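import subprocess
import time

def set_arp_timeout(base_time=30000, stale_time=60):
    # base_time is in milliseconds, stale_time in seconds.
    # int() rejects non-numeric input; the argument list avoids a shell.
    subprocess.run(["sudo", "sysctl", "-w",
                    f"net.ipv4.neigh.default.base_reachable_time_ms={int(base_time)}"],
                   check=True)
    subprocess.run(["sudo", "sysctl", "-w",
                    f"net.ipv4.neigh.default.gc_stale_time={int(stale_time)}"],
                   check=True)

def monitor_arp_cache(interface='eth0', interval=5):
    # Print the ARP table for one interface every `interval` seconds.
    # Passing the interface as a list element keeps it out of shell parsing.
    while True:
        subprocess.run(["arp", "-n", "-i", interface], check=False)
        time.sleep(interval)

if __name__ == "__main__":
    set_arp_timeout()
    monitor_arp_cache()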

When troubleshooting network connectivity problems, consider these commands:


# View current ARP cache entries
arp -n

# Flush specific ARP entry
sudo arp -d 192.168.1.100

# View ARP cache statistics
cat /proc/net/stat/arp_cache
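
The raw output of /proc/net/stat/arp_cache is a header row followed by one row of hexadecimal counters per CPU, which is hard to read by eye. The following is an added example, not part of the original page: it sums the per-CPU rows and flags signs that the neighbour table is under pressure relative to gc_thresh3. The function names, the 80% warning margin and the embedded sample are assumptions made for illustration.

```python
from pathlib import Path

# Constructed sample in the file's layout: a header row, then one row of hex
# counters per CPU. Values are illustrative, not captured from a real host.
SAMPLE = """\
entries allocs destroys hash_grows lookups hits res_failed rcv_probes_mcast rcv_probes_ucast periodic_gc_runs forced_gc_runs unresolved_discards table_fulls
00000004 0000001a 00000016 00000000 00000400 000003c0 00000002 00000000 00000000 00000120 00000000 00000001 00000000
00000004 00000006 00000004 00000000 00000100 000000f0 00000001 00000000 00000000 00000000 00000003 00000000 00000002
"""

def parse_neigh_stats(text):
    """Sum the per-CPU counters; 'entries' is table-wide, so take it once."""
    rows = [ln.split() for ln in text.splitlines() if ln.strip()]
    if len(rows) < 2:
        raise ValueError("expected a header row and at least one CPU row")
    header, totals = rows[0], {}
    for row in rows[1:]:
        if len(row) != len(header):
            raise ValueError("row width does not match header")
        for name, field in zip(header, row):
            value = int(field, 16)  # every column is hexadecimal
            totals[name] = value if name == "entries" else totals.get(name, 0) + value
    return totals

def assess(totals, gc_thresh3):
    """Derive a lookup miss rate and warnings that point at table pressure."""
    lookups = totals.get("lookups", 0)
    miss_rate = 1 - totals.get("hits", 0) / lookups if lookups else 0.0
    warnings = []
    if totals.get("table_fulls", 0):
        warnings.append("table_fulls > 0: new neighbour entries were refused")
    if totals.get("forced_gc_runs", 0):
        warnings.append("forced_gc_runs > 0: garbage collection ran under pressure")
    if totals["entries"] >= 0.8 * gc_thresh3:  # 80% margin is an assumed threshold
        warnings.append("entries within 20% of gc_thresh3")
    return {"miss_rate": miss_rate, "warnings": warnings}

if __name__ == "__main__":
    stat = Path("/proc/net/stat/arp_cache")
    thresh = Path("/proc/sys/net/ipv4/neigh/default/gc_thresh3")
    text = stat.read_text() if stat.exists() else SAMPLE  # fall back to the sample
    limit = int(thresh.read_text()) if thresh.exists() else 1024  # assumed fallback
    totals = parse_neigh_stats(text)
    report = assess(totals, limit)
    print(f"entries={totals['entries']} lookups={totals['lookups']} "
          f"miss_rate={report['miss_rate']:.1%}")
    for warning in report["warnings"]:
        print("WARNING:", warning)
```

A rising table_fulls counter between two runs is the value to alert on, since it means lookups for new hosts are failing while the table is at its limit.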

For systems with frequent network topology changes, you might want to implement dynamic timeout adjustment:


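#!/bin/bash

# Adjust ARP timeout based on network activity
# Match the interface name exactly (grep eth0 would also match eth0.100 or eth0:1)
NETWORK_ACTIVITY=$(netstat -i | awk '$1 == "eth0" {print $8}')
# Fall back to 0 if the interface is not listed, so the test below stays valid
NETWORK_ACTIVITY=${NETWORK_ACTIVITY:-0}

if [ "$NETWORK_ACTIVITY" -gt 1000 ]; then
    # Busy network - shorter timeout
    sudo sysctl -w net.ipv4.neigh.default.base_reachable_time_ms=15000
else
    # Normal network - standard timeout
    sudo sysctl -w net.ipv4.neigh.default.base_reachable_time_ms=30000
fi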