1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Is there anyway to silence "Neighbour table overflow" log entries?

Discussion in 'Tomato Firmware' started by LanceMoreland, Sep 23, 2012.

  1. LanceMoreland

    LanceMoreland Network Guru Member

    My logs are full of "Neighbour table overflow" entries. Everything is working fine, I would just like to prevent this error from being logged. I haven't found any way to prevent the errors which results from enabling IPv6.
     
  2. LanceMoreland

    LanceMoreland Network Guru Member

    This is what my router logs look like:

    Sep 29 08:00:01 Tomato-1 syslog.info root: -- MARK --
    Sep 29 08:18:44 Tomato-1 user.warn kernel: printk: 50 messages suppressed.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 08:18:44 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:00:01 Tomato-1 syslog.info root: -- MARK --
    Sep 29 09:57:16 Tomato-1 user.warn kernel: printk: 143 messages suppressed.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:16 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:21 Tomato-1 user.warn kernel: printk: 197 messages suppressed.
    Sep 29 09:57:21 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 09:57:27 Tomato-1 user.warn kernel: printk: 134 messages suppressed.
    Sep 29 09:57:27 Tomato-1 user.warn kernel: Neighbour table overflow.
    Sep 29 10:00:01 Tomato-1 syslog.info root: -- MARK --
     
  3. kthaddock

    kthaddock Network Guru Member

  4. LanceMoreland

    LanceMoreland Network Guru Member

  5. kthaddock

    kthaddock Network Guru Member

  6. LanceMoreland

    LanceMoreland Network Guru Member

    Thanks. I was unable to find anything that addressed IPv6 overflow issues.
    I'm not sure how to implement this into my router.
    Any ideas?
     
  7. LanceMoreland

    LanceMoreland Network Guru Member

    Would increasing the hash table size to 4096 under Advanced/Conntrack/Netfilter/Connections help?
     
  8. mstombs

    mstombs Network Guru Member

    To access those settings in tomato need to use the proc interface, to read all all the default ipv6 settings use

    Code:
     for f in /proc/sys/net/ipv6/neigh/default/*; do echo $f=$(cat $f);done
    with output on my router

    Code:
    /proc/sys/net/ipv6/neigh/default/anycast_delay=100
    /proc/sys/net/ipv6/neigh/default/app_solicit=0
    /proc/sys/net/ipv6/neigh/default/base_reachable_time=30
    /proc/sys/net/ipv6/neigh/default/base_reachable_time_ms=30000
    /proc/sys/net/ipv6/neigh/default/delay_first_probe_time=5
    /proc/sys/net/ipv6/neigh/default/gc_interval=30
    /proc/sys/net/ipv6/neigh/default/gc_stale_time=60
    /proc/sys/net/ipv6/neigh/default/gc_thresh1=128
    /proc/sys/net/ipv6/neigh/default/gc_thresh2=512
    /proc/sys/net/ipv6/neigh/default/gc_thresh3=1024
    /proc/sys/net/ipv6/neigh/default/locktime=0
    /proc/sys/net/ipv6/neigh/default/mcast_solicit=3
    /proc/sys/net/ipv6/neigh/default/proxy_delay=80
    /proc/sys/net/ipv6/neigh/default/proxy_qlen=64
    /proc/sys/net/ipv6/neigh/default/retrans_time=100
    /proc/sys/net/ipv6/neigh/default/retrans_time_ms=1000
    /proc/sys/net/ipv6/neigh/default/ucast_solicit=3
    /proc/sys/net/ipv6/neigh/default/unres_qlen=3
    
    To change any particular value use, for example

    Code:
    echo 1024 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
    and to check its taken

    Code:
    cat /proc/sys/net/ipv6/neigh/default/gc_thresh2
    1024
    if you find which setting you need, and there are also versions for each interface, the the "echo" commands can be put into an init script or firewall script with appropriate delays - probably needs source code edit/recompile to change the defaults
     
  9. koitsu

    koitsu Network Guru Member

    This is what you want. This goes under Scripts -> Init.

    Code:
    #
    # Increase ARP cache sizes and GC thresholds; may alleviate "Neighbour table
    # overflow" warnings that some users are seeing.  Do this for both IPv4 and
    # IPv6.
    #
    # http://www.linksysinfo.org/index.php?threads/ipv6-and-comcast.38006/page-2#post-184563
    # 
    echo  256 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
    echo 1024 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
    echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
    echo  256 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
    echo 1024 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
    echo 2048 > /proc/sys/net/ipv6/neigh/default/gc_thresh3
    
     
    bortle likes this.
  10. LanceMoreland

    LanceMoreland Network Guru Member

    Thank you. The values stuck when I executed them in Tools/System and I put this in the init script so that they execute on a reboot:

    echo 512 > /proc/sys/net/ipv6/neigh/default/gc_thresh1
    echo 1024 > /proc/sys/net/ipv6/neigh/default/gc_thresh2
    echo 2048 > /proc/sys/net/ipv6/neigh/default/gc_thresh3

    Now to see if the errors go away.

    Edit: We were typing at the same time. Do you think I need the IPv4 entries?
     
  11. LanceMoreland

    LanceMoreland Network Guru Member

    I checked the logs and found this:
    user.warn kernel: process `cat' is using deprecated sysctl (syscall) net.ipv6.neigh.default.base_reachable_time; Use net.ipv6.neigh.default.base_reachable_time_ms instead.
     
  12. koitsu

    koitsu Network Guru Member

    I didn't specify this sysctl/tunable in my example, so I don't know what's causing this error to happen. Please do not just blindly pick/set values. Try what I recommended and remove whatever other values/sysctls people told you to set.
     
  13. koitsu

    koitsu Network Guru Member

    Yes, because the error messages from the kernel do not specify if they're complaining about IPv6 or IPv4. Furthermore, there's no harm to increasing them for a protocol that isn't experiencing this problem (in other words, if IPv4 isn't causing this complication, adjusting the settings will not hurt/harm you in any way/shape/form). This only applies to the settings I listed above.
     
  14. mstombs

    mstombs Network Guru Member

    The error message comes from the cat all command in the "for f in" command, its a currently available option but must be marked deprecated and they are just discouraging use, not a problem!
     
  15. LanceMoreland

    LanceMoreland Network Guru Member

    Okay, I have your entire script in Scripts -> Init and have rebooted.

    I'll report back in a few hours, hopefully with no more errors

    Understood Thanks.
     
  16. LanceMoreland

    LanceMoreland Network Guru Member

    Well this seems to have fixed the issue. Thanks all for the help. Maybe we can get this and the IPv6 wan script that makes native IPv6 work rolled into the next builds.
     
  17. kthaddock

    kthaddock Network Guru Member

    Nice It's working !
     
  18. LanceMoreland

    LanceMoreland Network Guru Member

    Yep. My logs are going on 18 hours of being clean of errors. This is an issue that had been bugging me for over a year now, since I started using IPv6. I am glad that we were able to resolve it.
     
  19. pharma

    pharma Network Guru Member

    Koitsu,

    Many thanks for the script! It resolved receiving tons of "Neighbour table overflow" log messages.
     
  20. Morac

    Morac Network Guru Member

    I have this is my start up script, but lately I'm seeing "Neighbor Table Overflow" errors in the logs again. They come in spurts once or twice a day. Also dnsmasq is being killed with SIGTERM every now and then.
     
  21. LanceMoreland

    LanceMoreland Network Guru Member

    This is what I am now using in my firewall script:

    ip6tables -A PREROUTING -t mangle -p icmpv6 --icmpv6-type neighbor-solicitation -i vlan2 -d ff02::1:ff00:0/104 -j DROP

    Edit: My ISP is Comcast
     
    Last edited: Nov 15, 2015

Share This Page