Skip to main content
NetApp Knowledge Base

ARP broadcast storm: Information and Effects

  1. Last updated
  2. Save as PDF
Views:
1,311
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9 
  • Clustered Data ONTAP

Description 

What is the following event reported on /mroot/etc/log/ems and what can be the impact?

Example:

"[XXXXXX: NwkThd_0X netif.rateLimitThreshold:error]: High rate limit on the network interface e0* for broadcast protocol ARP is detected"

Answer

  • This message is an indication of an incoming ARP broadcast storm.
    • It is generated from a process that monitors the inflow and indicates us in case of any unusual events.
    • The interface received a very high number (>5000 in this case) of ARP broadcast packets in the last second of monitoring.
    • The system also follows a discarded window of half a second (500 ms) just after this to cool off a bit.
      • Note: This message occurs when the protocol rate threshold is reached on a network interface.
  • Corrective Action:
    • Fix the faulty network configuration or incorrect setup that enables a sudden spike in broadcast packets to bring down the node.

Additional Information

  • Historically, these kinds of storms are generated due to network mis-configuration like a loop or a misbehaving network device.
  • Check for any such activities around the same time-frame on the devices that are connected to the same broadcast domain of those ports.
  • In some situations, these ARP storms can lead the system to be unresponsive or eventually to disruption as they can exhaust the network resources.
  • Capturing a packet trace on the concerned interface can be helpful to pinpoint the device causing the large amount of ARP broadcast packets
  • How to capture packet traces on ONTAP 9.10+ systems

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.