Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. SNMP trap is partly destroyed during ARP execution in Windows

SNMP trap is partly destroyed during ARP execution in Windows

View products that this article applies to.

Symptoms

A partial datagram of a Simple Network Management Protocol (SNMP) trap cannot be sent and discarded when one or more of the following conditions are true:
  • Multiple IP addresses are registered as the SNMP sender.
  • No entries for the SNMP sender IP and MAC address in the Address Resolution Protocol (ARP) table.
  • An application issues many SNMP traps in a short time period.

↑ Back to the top

Cause

This issue occurs because of Internet Host requirements that are defined in RFC1122 (Requirements for Internet Hosts -- Communication Layers). This is by design.
Specifically, when packets are sent to the IP address whose MAC address is unresolved by ARP, the data link layer will save at least one of the packets that are sent to the same unresolved IP address. Therefore, the saved packets will be sent to the IP address until the MAC address is resolved.

↑ Back to the top

Workaround

To work around this issue, follow these steps:
  1. Before the SNMP trap is sent, update the ARP cache by running a ping command.
  2. Statically register next-hop IP address, such as the default gateway.

    Note This value is reset after the system is restarted.

↑ Back to the top

More Information

About ARP caching behavior in Windows
ARP caching behavior was changed in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The TCP/IP stack implementations in Windows comply with RFC4861 (Neighbor Discovery protocol for IP version 6 [Ipv6]) for both the IPv4 and IPv6 Neighbor Discovery process. 

The ArpCacheLife and ArpCacheMinReferencedLife registry entries determine how the ARP cache is maintained in Windows XP and in Windows Server 2003. These registry entries no longer apply to Windows Vista, Windows Server 2008, or a later version of a Windows-based operating system.

In the new Windows TCP/IP stack implementation, hosts create the neighbor cache entries when there is no matching entry in the neighbor cache. ARP cache entry for IPv4 is an example of a neighbor cache entry. After the entry is successfully created in the neighbor cache, the entry may change to the "Reachable" state if the entry meets certain conditions. If the entry is in the "Reachable" state, Windows TCP/IP hosts do not send ARP requests to the network. Therefore, Windows TCP/IP hosts use the information in the cache. If an entry is not used, and it stays in the "Reachable" state for longer than its "Reachable Time" value, the entry changes to the "Stale" state. If an entry is in the "Stale" state, the Windows TCP/IP host must send an ARP request to reach that destination.

The "Reachable Time" value is calculated as follows:
Reachable Time = BaseReachable Time × (A random value between MIN_RANDOM_FACTOR and MAX_RANDOM_FACTOR)
RFC provides the following calculated results.
Parameter NameValue
BaseReachable Time30,000 milliseconds (ms)
MIN_RANDOM_FACTOR0.5 second
MAX_RANDOM_FACTOR1.5 seconds
Therefore, the "Reachable Time" value is somewhere between 15 seconds (30 × 0.5 seconds) and 45 seconds (30 × 1.5 seconds). If an entry is not used for a time between 15 to 45 seconds, it changes to the "Stale" state. Then, the host must send an ARP Request for IPV4 to the network when any IP datagram is sent to that destination.

How to check the "Reachable Time" value

To see the current "Reachable Time" value, follow these steps:
  1. At the command prompt, type the following command:
    netsh interface ipv4 show interfaces
    Example result: 
    Idx  Met   MTU   State        Name
    ---  ---  -----  -----------  -------------------
      1   50 4294967295  connected    Loopback Pseudo-Interface 1
      9   20   1500  connected    Local Area Connection
  2. In step 1, the "Local Area Connection" Idx is 9. Therefore, you can show interface 9 by using the following command: 
    netsh interface ipv4 show interface 9
    Example result:
    Interface Local Area Connection Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_7
    IfIndex                            : 9
    Compartment Id                     : 1
    State                              : connected
    Metric                             : 20
    Link MTU                           : 1500 bytes
    Reachable Time                     : 19000 ms 
    Base Reachable Time                : 30000 ms 
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 3 
    Site Prefix Length                 : 64 
    Site Id                            : 1 
    Forwarding                         : disabled
    Advertising                        : disabled 
    Neighbor Discovery                 : enabled 
    Neighbor Unreachability Detecion   : enabled 
    Router Discovery                   : dhcp 
    Managed Address Configuration      : enabled 
    Other Stateful Configuration       : enabled 
    Weak Host Sends                    : disabled 
    Weak Host Receives                 : disabled 
    Use Automatic Metric               : enabled 
    Ignore Default routes              : disabled
  3. You can change the "BaseReachable Time" value by using the following example command: 
    netsh interface ipv4 set interface 9 basereachable=60000
  4. To see the result of step 3, use the following command: 
    netsh interface ipv4 show interface 9
    Example result: 
    Interface Local Area Connection Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_7
    IfIndex                            : 9
    Compartment Id                     : 1
    State                              : connected
    Metric                             : 20
    Link MTU                           : 1500 bytes
    Reachable Time                     : 61500 ms
    Base Reachable Time                : 60000 ms 
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 3 
    Site Prefix Length                 : 64 
    Site Id                            : 1 
    Forwarding                         : disabled
    Advertising                        : disabled 
    Neighbor Discovery                 : enabled 
    Neighbor Unreachability Detecion   : enabled 
    Router Discovery                   : dhcp 
    Managed Address Configuration      : enabled 
    Other Stateful Configuration       : enabled 
    Weak Host Sends                    : disabled 
    Weak Host Receives                 : disabled 
    Use Automatic Metric               : enabled 
    Ignore Default routes              : disabled
    Note The "Base Reachable Time" value has changed to 60000 ms.
  5. You can increase the neighbor cache limit by using the following command: 
    netsh interface ipv4 set global neighborcachelimit = 4096
    Note The default neighbor cache limit is 256.
Download the document about TCP/IP registry values for Windows Vista and for Windows Server 2008.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top

Keywords: kb, kbprb, kbtshoot, kbsurveynew, kbexpertiseadvanced

↑ Back to the top

Article Info
Article ID : 2840421
Revision : 1
Created on : 1/7/2017
Published on : 12/22/2014
Exists online : False
Views : 542