On Sat, May 10, 2014 at 9:58 PM, Aaron C. de Bruyn <aa...@heyaaron.com> wrote:
>
> Slightly OT, but why would they have ARP cache timeouts of four hours? What
> benefit do you get with such high cache times as opposed to the obvious
> support calls you will get when equipment is swapped around?
>

That's Cisco's default and others aren't too far from that generally. I believe that's something that hasn't changed since originally implemented decades ago. Originally, it was likely because networks were slow and not switched, so you didn't want to chew up a lot of bandwidth just handling ARP. As with many cases along those lines, it got entrenched and once a vendor sets a specific default, they tend to not want to change it. That's largely educated guessing, as I'm not completely sure of the reasoning, just that it's been like that more or less forever.

Yes, with modern networks, in a lot of cases it's really not sensible to hang onto your ARP cache for hours.

A number of cable modems are worse than 4 hours. I can think of a handful of times over the last 7 years or so, with the most recent being a couple months ago, where a support customer got in touch with us after trying to move some IPs and messing with it for multiple days and couldn't make it work. Packet capture on WAN for the affected IPs, check the destination MAC, see something other than the firewall. Ask "What's this X MAC?" "The old box we unplugged last week." Power cycle cable modem, all is well.
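
The check described in the reply above (capture on WAN for the moved IPs, compare the destination MAC with the firewall's), as an added example that is not part of the original thread. It assumes the capture was printed with `tcpdump -e -n`; the function names, addresses and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Link-level header as printed by `tcpdump -e -n`, followed by the IPv4 "src > dst:" pair.
FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), ethertype IPv4 "
    r"\(0x0800\), length \d+: (?P<src>\S+) > (?P<dst>[^:\s]+):",
    re.IGNORECASE,
)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def strip_port(endpoint):
    """tcpdump prints TCP/UDP endpoints as a.b.c.d.port; ICMP has no port."""
    return ".".join(endpoint.split(".")[:4])

def misdelivered(lines, moved_ips, firewall_mac):
    """Return {moved_ip: {wrong_dst_mac: frame_count}} for frames addressed to a
    moved IP but to a MAC other than the firewall's WAN MAC, which is what a
    stale upstream ARP entry looks like on the wire."""
    firewall_mac = firewall_mac.lower()
    hits = defaultdict(Counter)
    for line in lines:
        m = FRAME.match(line.strip())
        if not m:
            continue  # ARP, IPv6, or a line in a format we do not parse
        dst_ip = strip_port(m["dst"])
        dmac = m["dmac"].lower()
        if dst_ip in moved_ips and dmac not in (firewall_mac, BROADCAST):
            hits[dst_ip][dmac] += 1
    return {ip: dict(count) for ip, count in hits.items()}

# Constructed sample capture (documentation IP and MAC ranges, not real hosts).
SAMPLE = [
    "10:15:01.000101 00:00:5e:00:53:fe > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), "
    "length 74: 198.51.100.7.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0",
    "10:15:02.000202 00:00:5e:00:53:fe > 00:00:5e:00:53:aa, ethertype IPv4 (0x0800), "
    "length 98: 198.51.100.9 > 203.0.113.10: ICMP echo request, id 1, seq 1, length 64",
    "10:15:03.000303 00:00:5e:00:53:fe > 00:00:5e:00:53:01, ethertype IPv4 (0x0800), "
    "length 74: 198.51.100.7.51300 > 203.0.113.11.443: Flags [S], seq 1, win 64240, length 0",
]

if __name__ == "__main__":
    moved = {"203.0.113.10", "203.0.113.11"}
    for ip, macs in misdelivered(SAMPLE, moved, "00:00:5E:00:53:01").items():
        print(ip, "still delivered to", macs)
```

Any MAC it reports is the one to ask about; an empty result means the upstream device is already sending the moved IPs to the firewall.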