Script to count ARP entries on all fw interfaces

Document created by Kenny Manrique on Sep 26, 2018
Version 1

Recently I had a support ticket where the ARP table of a firewall was full. It was a little confusing to work out which interface was causing the issue, since it was necessary to verify the interfaces one by one and the customer had a lot of subinterfaces on multiple bonds.

So I decided to create a basic script that gets all firewall interfaces (fw getifs) and counts how many ARP entries are seen on each one (arp -a), ordered descending by number of entries. At the end it sums the total number of ARP entries.


The script has a lot of room for improvement (validations too), and perhaps someone can convert it to a one-liner.


Please note the following:

  • The script does not consider local Proxy ARP entries (fw ctl arp)
  • <incomplete> entries of the arp command are also counted
  • The source is defined for R80; feel free to change it for a lower version.
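The counting step described above can be sketched as follows. This is an added example, not the author's attached script: it takes the interface names from the `arp -a` lines themselves instead of from `fw getifs` (so interfaces with zero entries are not listed), and it assumes the Linux net-tools line format ending in `on <interface>`. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/bash
# Added example (not the original attachment): count ARP entries per interface.

# Reads `arp -a` style lines on stdin and prints "<count> <interface>" per
# interface, highest count first, followed by a "<count> TOTAL" line.
count_arp_by_iface() {
    awk '
        # Expected line: "? (10.1.1.1) at 00:1c:7f:00:00:01 [ether] on bond1.100"
        # <incomplete> entries also end in "on <iface>", so they are counted too.
        $(NF-1) == "on" { count[$NF]++; total++ }
        END {
            sorter = "sort -k1,1nr -k2,2"
            for (iface in count) printf "%d %s\n", count[iface], iface | sorter
            close(sorter)              # flush sorted lines before the total
            printf "%d TOTAL\n", total + 0
        }
    '
}

# Constructed sample input (not captured from a real gateway).
sample_arp_output() {
    cat <<'EOF'
? (10.1.1.1) at 00:1c:7f:00:00:01 [ether] on bond1.100
? (10.1.1.2) at 00:1c:7f:00:00:02 [ether] on bond1.100
? (10.1.1.3) at <incomplete> on bond1.100
? (10.2.2.1) at 00:1c:7f:00:00:04 [ether] on bond2.200
? (192.0.2.1) at 00:1c:7f:00:00:05 [ether] on eth0
? (192.0.2.9) at 00:1c:7f:00:00:06 [ether] PERM on eth0
EOF
}

# Pass --live to read the real table; otherwise nothing runs on load.
if [ "${1:-}" = "--live" ]; then
    arp -a | count_arp_by_iface
fi
```

Proxy ARP entries (fw ctl arp) are not included here either, which matches the first note above.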

 

Here is an output for the script:
