Neighbour table overflow

March 16, 2009 - General Linux Stuff
We had an OES 1 box that was unable to communicate on the network, it was acting like it was recieving a DOS attack but traffic analysis did not indicate this. What we found was a situation where the server was on a network with considerable more hosts then the default ARP cache was able to maintain. The default threshold levels were set too low. We doubled the threshold limits using the information below.


How to resolve “Neighbour table overflow” problem?



Gnu/Linux servers (when used extensively as a server) throw the following messages in log file

  kernel: Neighbour table overflow.
  kernel: printk: 100 messages suppressed.
  kernel: Neighbour table overflow.
  kernel: printk: 151 messages suppressed.
  kernel: Neighbour table overflow.

The solution to the problem is to increase the threshold level for the network devices

To check the present threshold level 1

cat /proc/sys/net/ipv4/neigh/default/gc_thresh1

It will give some value as 128 or 256 or 512.

This can be increased to the next level.Like if the value is 128 then

make the thresh1 value as 256 and thresh2 as 512 and thresh3 as 1024.

echo 256 > /proc/sys/net/ipv4/neigh/default/gc_thresh1

echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh2

echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh3

This will stop the Error messages that were recieved in the log file

This was reposted from

Leave a Reply