HPE Community
Operating System - HP-UX
1833294 Members
3038 Online
110051 Solutions
New Discussion

Re: NDD parameter arp_cleanup_interval

 
Darrel Louis
Honored Contributor

‎04-12-2005 01:11 AM

‎04-12-2005 01:11 AM

NDD parameter arp_cleanup_interval

Hi L & G,

I've a problem with a server when setting the arp_cleanup_interval to 60000.
After a reboot the server cannot be reached anymore (ping and/or ssh-connect).
What could be the cause?
The default value is 300000(5 mins), what could be the harm to leave it at this.

Are there other values that could be causing a conflict?

Thanx

Darrel
0 Kudos
11 REPLIES 11
RAC_1
Honored Contributor

‎04-12-2005 01:18 AM

‎04-12-2005 01:18 AM

Re: NDD parameter arp_cleanup_interval

I think you are setting it two low.

$ndd -h arp_cleanup_interval

arp_cleanup_interval:

The amount of time that non-permanent, resolved entries
are permitted to remain in ARP's cache.[30000, 3600000]
Default: 300000 (5 minutes)

Leave it at default.
There is no substitute to HARDWORK
0 Kudos
Florian Heigl (new acc)
Honored Contributor

‎04-12-2005 01:54 AM

‎04-12-2005 01:54 AM

Re: NDD parameter arp_cleanup_interval

I think You might want to try to add a static entry for the servers NIC in HP-UX - probably it looses it's interface route or something like that.
yesterday I stood at the edge. Today I'm one step ahead.
0 Kudos
rick jones
Honored Contributor

‎04-13-2005 04:31 AM

‎04-13-2005 04:31 AM

Re: NDD parameter arp_cleanup_interval

Someone probably setup a route "by hand" with the route command and did not make the corresponding changes in /etc/rc.config.d/netconf . Make sure that netstat -rn shows all the routes it should.

Also, if the connectivity goes away a short time after boot, that means your router is not responding to the ICMP echo requests (pings) that HP-UX can send as part of dead gateway detection. That is controlled via ip_ire_gw_probe.

Any particular reason you wanted to shrink arp_cleanup_interval?
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Darrel Louis
Honored Contributor

‎04-13-2005 06:52 AM

‎04-13-2005 06:52 AM

Re: NDD parameter arp_cleanup_interval

Hi,

Sorry for the late reply.
I'll give you my points when I've tested your suggestions.

Anil:
What is to low. Why is it working when default is set?
When you check several security docs, it's saying to set it to 60000.
eg: http://www.cisecurity.org

Florian:
It could be, but why is it working when the default is set. (5min)

Rick:
The gateway has been set during installation.

The server is in a VLAN network env. and secure.
Is it necessary at all to set it to 60000?
Or could the VLAN be the cause?

Will test it on friday and let you know.
Any test suggestions are welcome.

Thanx

Darrel


0 Kudos
rick jones
Honored Contributor

‎04-13-2005 07:09 AM

‎04-13-2005 07:09 AM

Re: NDD parameter arp_cleanup_interval

OK, so I've doe a _quick_ read of their benchmark document for HP-UX - they do not seem to say _why_ they think that the arp_cleanup_interval needs to be 60000. Most of the other stuff is reasonably straighforward - disabling IP forwarding and the like.

Sure would be nice to know why they think arp_cleanup_interval needs to be 60000 rather than just telling people to apply it blindly...

BTW, you can change ndd settings on the fly with the ndd command, no need to reboot. So, to make sure it is indeed the arp_cleanup_interval and not something else, you might boot with it set to defaults and then alter with ndd on the running system and see if your connectivity changes.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Darrel Louis
Honored Contributor

‎04-13-2005 07:29 AM

‎04-13-2005 07:29 AM

Re: NDD parameter arp_cleanup_interval

Rick,

Sorry didn't mention it in my question.
When setting it on the fly, it's working.
But when setting it in nddconf it doesn't work.

Thx

Darrel
0 Kudos
rick jones
Honored Contributor

‎04-13-2005 07:48 AM

‎04-13-2005 07:48 AM

Re: NDD parameter arp_cleanup_interval

That things work when set on the fly versus in the nddconf file is a fairly important distinction... :)

How many entries do you have in the nddconf file? Any chance you got an index messed-up somewhere? Or some other typo?
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Jeff Schussele
Honored Contributor

‎04-13-2005 07:52 AM

‎04-13-2005 07:52 AM

Re: NDD parameter arp_cleanup_interval

Hi Darrel,

In the nddconf file check:

1) That you have a unique index number value.
2) There are no typos - should look like

TRANSPORT_NAME[4]=arp
NDD_NAME[4]=arp_cleanup_interval
NDD_VALUE[4]=60000

use the proper & *unique* index value of course.

HTH,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Darrel Louis
Honored Contributor

‎04-13-2005 08:00 AM

‎04-13-2005 08:00 AM

Re: NDD parameter arp_cleanup_interval

Rick,

Attached the nddconf file.
Maybe I don't see it.
I've also checked with: "cat -vet nddconf"
To check for strange characters.

Thx
Darrel
0 Kudos
rick jones
Honored Contributor

‎04-13-2005 08:06 AM

‎04-13-2005 08:06 AM

Re: NDD parameter arp_cleanup_interval

On the surface it looks OK. There was, a long time ago, a problem with something like 10 or more entries in the nddconf file, but I was under the impression that was fixed quite some time ago. Still, might check for ndd patches. It is a bit of a straw grab though.

Also, check the /etc/rc.log file from bootup.
there is no rest for the wicked yet the virtuous have no pillows
0 Kudos
Darrel Louis
Honored Contributor

‎04-19-2005 09:54 AM

‎04-19-2005 09:54 AM

Re: NDD parameter arp_cleanup_interval

I think it was caused by two nddconf files in /etc/rc.config.d
- nddconf
- nddconf.org

After I've moved the nddconf.org, I could connect and ping the server after a reboot.

Thanx for the support

Darrel
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.