This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2019-03-29 09:40 AM
Jump to solution

ARP table size increase is not surviving the reboot

Has anyone run in to it after the upgrade to R80.20?

0 Kudos
1 Solution

Accepted Solutions
JozkoMrkvicka
Authority
Authority
‎2019-03-29 01:03 PM
In response to Vladimir
Jump to solution

We are using /etc/rc.local file for similar cases. In this case, here is one-time command which will make sure that parameter will survive a reboot:

# echo "echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3" >> /etc/rc.local

 But be aware that the current threshold level for ARP cache on Gaia OS:

  • In Gaia Clish:

    HostName> show arp table cache-size

  • In Expert mode:

    [Expert@HostName:0]# dbget ip:arp:cache_size

Will still give you original value configured via clish command (not that one set via echo).

So maybe the better way would be to use bash/clish command:

# echo "clish -c 'set arp table cache-size 4096'" >> /etc/rc.local

 

Kind regards,
Jozko Mrkvicka

View solution in original post

14 Replies
HeikoAnkenbrand
MVP Gold
MVP Gold
‎2019-03-29 09:53 AM
Jump to solution

Hi @Vladimir 

This doesn't work after a reboot:

> set arp table cache-size 4096
> save config

A quick and dirty solution:-)

Add the following to the start script until the problem is solved by Check Point TAC!

echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

 

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Vladimir
Champion
Champion
‎2019-03-29 09:58 AM
In response to HeikoAnkenbrand
Jump to solution

Thank you @HeikoAnkenbrand !

HeikoAnkenbrand
MVP Gold
MVP Gold
‎2019-03-29 09:58 AM
In response to HeikoAnkenbrand
Jump to solution

Still from the good old SPLAT times under R65:-)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Vladimir
Champion
Champion
‎2019-03-29 10:01 AM
In response to HeikoAnkenbrand
Jump to solution

$#!!, now I remember running into it years ago 🙂

0 Kudos
HeikoAnkenbrand
MVP Gold
MVP Gold
‎2019-03-29 10:08 AM
In response to Vladimir
Jump to solution

Still works today. Shouldn't read the R&D team:-)

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Vladimir
Champion
Champion
‎2019-03-29 10:09 AM
In response to HeikoAnkenbrand
Jump to solution

Heiko, in the context of VSX, would this be a global setting for the entire VSX box, or is there a way to do it for individual VS?

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-29 10:56 AM
In response to Vladimir
Jump to solution

Looks like a global setting.
0 Kudos
Vladimir
Champion
Champion
‎2019-03-29 11:15 AM
In response to PhoneBoy
Jump to solution

Well, if this is issue still persists to date, perhaps sk43772 should be rewritten, as it is still explicitly states:

 

Gaia Portal / Gaia Clish will override any settings placed in the /etc/sysctl.conf file. Any changes made to this file do not take effect after a reboot.

To configure threshold level for ARP cache on Gaia OS:

Note: Gaia OS accepts maximal threshold level of 16384.

  • In Gaia Portal:

    Go to Network Management section - click on ARP page - go to section ARP Table Settings section - enter the desired value in Maximum Entries field.

  • In Gaia Clish:

    HostName> set arp table cache-size <Number_of_Entries>
    HostName> save config

To check the current threshold level for ARP cache on Gaia OS::

  • In Gaia Clish:

    HostName> show arp table cache-size

  • In Expert mode:

    [Expert@HostName:0]# dbget ip:arp:cache_size

Notes:

  • Once set in the Gaia Portal / Gaia Clish, the settings will survive a reboot.
  • Settings are applies immediately (reboot, restart of any services, policy installation are not required)

The Maximum Entries value in the Gaia Portal corresponds to gc_thresh3 parameter in Linux kernel.

Note: In Gaia OS, the value of gc_thresh1 and the value of gc_thresh2 are automatically determined by the value of gc_thresh3 value:

  • value of gc_thresh1 is 1/8 the value of gc_thresh3
  • value of gc_thresh2 is 1/2 the value of gc_thresh3

 

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-03-29 01:03 PM
In response to Vladimir
Jump to solution

We are using /etc/rc.local file for similar cases. In this case, here is one-time command which will make sure that parameter will survive a reboot:

# echo "echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3" >> /etc/rc.local

 But be aware that the current threshold level for ARP cache on Gaia OS:

  • In Gaia Clish:

    HostName> show arp table cache-size

  • In Expert mode:

    [Expert@HostName:0]# dbget ip:arp:cache_size

Will still give you original value configured via clish command (not that one set via echo).

So maybe the better way would be to use bash/clish command:

# echo "clish -c 'set arp table cache-size 4096'" >> /etc/rc.local

 

Kind regards,
Jozko Mrkvicka
HeikoAnkenbrand
MVP Gold
MVP Gold
‎2019-03-30 10:47 AM
In response to JozkoMrkvicka
Jump to solution

Hi @JozkoMrkvicka 

This is a very nice solution:

# echo "clish -c 'set arp table cache-size 4096'" >> /etc/rc.local

 Gives me the idea to more dirty hacksSmiley LOL

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Itaiw
Employee
Employee
‎2019-03-31 06:36 AM
In response to HeikoAnkenbrand
Jump to solution

Hi @Vladimir 

Using the  following clish commands to change the arp table size and save the configuration should survive after reboot (and did survive in my tests)

> set arp table cache-size 4096
> save config

Please open a technical service request to CeckPoint support to investigate the problem on your machine.

0 Kudos
Brian_Deutmeyer
Collaborator
‎2019-09-23 01:51 PM
In response to Itaiw
Jump to solution

How many arp entries can my table hold if my size is 4096?  I'm unsure if this maps 1 to 1, like one arp entry means 1 spot from 4096 (4096 - 1 = 4095 arp entries left)?

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2019-09-24 05:30 AM
In response to Brian_Deutmeyer
Jump to solution

Yes it is a one-to-one mapping, the 4096 corresponds to a variable called gc_thresh3 which specifies the hard maximum of IP to MAC address mappings in the table.  gc_thresh2is typically 1/2 of gc_thresh3 and specifies when more aggressive garbage collection starts in an attempt to free up table entries and avoid a "Neighbour table overflow" condition.  This situation can impact performance and was covered on pages 66-70 of my "Max Power" book.

 

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Brian_Deutmeyer
Collaborator
‎2019-09-24 12:02 PM
In response to Timothy_Hall
Jump to solution

Perfect!  I just read the pages (2nd edition) and it was helpful.  Thanks again.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events