ARP overflow? Help!
Feb 15 15:13:27 outlaw kernel: Neighbour table overflow.
Feb 15 15:13:32 outlaw kernel: NET: 238 messages suppressed.
Feb 15 15:13:32 outlaw kernel: Neighbour table overflow.
Feb 15 15:13:37 outlaw kernel: NET: 244 messages suppressed.
Feb 15 15:13:37 outlaw kernel: Neighbour table overflow.
A few searches pointed us at the ARP cache. So we raised the ceiling on the ARP cache. 'arp -n' shows hundreds and hundreds of remote machines using the MAC address of our border router. No other machine on the network has remote addresses like this.
'tcpdump arp' shows lots of arp requests (I think) from our nameserver (outlaw) out to nameservers on the net:
21:49:33.079962 arp who-has ns01b.nameservers.net tell outlaw.modwest.com
21:49:33.080944 arp reply ns01b.nameservers.net is-at 0:e0:1e:b4:62:70
21:49:33.210835 arp who-has dns-rl02.proxy.aol.com tell ns1.missoulaweb.com
21:49:33.211809 arp reply dns-rl02.proxy.aol.com is-at 0:e0:1e:b4:62:70
21:49:33.636394 arp who-has resone.univ-rennes1.fr tell outlaw.modwest.com
21:49:33.637334 arp reply resone.univ-rennes1.fr is-at 0:e0:1e:b4:62:70
These same remote addresses are also in our ARP cache now.
Rebooting the box doesn't help.
Possibly related -- had some trouble with named restarting as well.
Thanks for any pointers. Everything seems to be working, but this surely isn't 'normal'.
