SNMP trap is partly destroyed during ARP execution in Windows

View products that this article applies to.

Symptoms

A partial datagram of a Simple Network Management Protocol (SNMP) trap cannot be sent and discarded when one or more of the following conditions are true:

Multiple IP addresses are registered as the SNMP sender.
No entries for the SNMP sender IP and MAC address in the Address Resolution Protocol (ARP) table.
An application issues many SNMP traps in a short time period.

↑ Back to the top

Cause

This issue occurs because of Internet Host requirements that are defined in RFC1122 (Requirements for Internet Hosts -- Communication Layers). This is by design.
Specifically, when packets are sent to the IP address whose MAC address is unresolved by ARP, the data link layer will save at least one of the packets that are sent to the same unresolved IP address. Therefore, the saved packets will be sent to the IP address until the MAC address is resolved.

↑ Back to the top

Workaround

To work around this issue, follow these steps:

Before the SNMP trap is sent, update the ARP cache by running a ping command.
Statically register next-hop IP address, such as the default gateway.

Note This value is reset after the system is restarted.

↑ Back to the top

More Information

About ARP caching behavior in Windows

ARP caching behavior was changed in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2. The TCP/IP stack implementations in Windows comply with RFC4861 (Neighbor Discovery protocol for IP version 6 [Ipv6]) for both the IPv4 and IPv6 Neighbor Discovery process.

The ArpCacheLife and ArpCacheMinReferencedLife registry entries determine how the ARP cache is maintained in Windows XP and in Windows Server 2003. These registry entries no longer apply to Windows Vista, Windows Server 2008, or a later version of a Windows-based operating system.

In the new Windows TCP/IP stack implementation, hosts create the neighbor cache entries when there is no matching entry in the neighbor cache. ARP cache entry for IPv4 is an example of a neighbor cache entry. After the entry is successfully created in the neighbor cache, the entry may change to the "Reachable" state if the entry meets certain conditions. If the entry is in the "Reachable" state, Windows TCP/IP hosts do not send ARP requests to the network. Therefore, Windows TCP/IP hosts use the information in the cache. If an entry is not used, and it stays in the "Reachable" state for longer than its "Reachable Time" value, the entry changes to the "Stale" state. If an entry is in the "Stale" state, the Windows TCP/IP host must send an ARP request to reach that destination.

The "Reachable Time" value is calculated as follows:

Reachable Time = BaseReachable Time × (A random value between MIN_RANDOM_FACTOR and MAX_RANDOM_FACTOR)

RFC provides the following calculated results.

Parameter Name	Value
BaseReachable Time	30,000 milliseconds (ms)
MIN_RANDOM_FACTOR	0.5 second
MAX_RANDOM_FACTOR	1.5 seconds

Therefore, the "Reachable Time" value is somewhere between 15 seconds (30 × 0.5 seconds) and 45 seconds (30 × 1.5 seconds). If an entry is not used for a time between 15 to 45 seconds, it changes to the "Stale" state. Then, the host must send an ARP Request for IPV4 to the network when any IP datagram is sent to that destination.

How to check the "Reachable Time" value

To see the current "Reachable Time" value, follow these steps:

At the command prompt, type the following command:

netsh interface ipv4 show interfaces

Example result:

Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  1   50 4294967295  connected    Loopback Pseudo-Interface 1
  9   20   1500  connected    Local Area Connection

In step 1, the "Local Area Connection" Idx is 9. Therefore, you can show interface 9 by using the following command:

netsh interface ipv4 show interface 9

Example result:

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_7
IfIndex                            : 9
Compartment Id                     : 1
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 19000 ms 
Base Reachable Time                : 30000 ms 
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3 
Site Prefix Length                 : 64 
Site Id                            : 1 
Forwarding                         : disabled
Advertising                        : disabled 
Neighbor Discovery                 : enabled 
Neighbor Unreachability Detecion   : enabled 
Router Discovery                   : dhcp 
Managed Address Configuration      : enabled 
Other Stateful Configuration       : enabled 
Weak Host Sends                    : disabled 
Weak Host Receives                 : disabled 
Use Automatic Metric               : enabled 
Ignore Default routes              : disabled

You can change the "BaseReachable Time" value by using the following example command:
netsh interface ipv4 set interface 9 basereachable=60000

To see the result of step 3, use the following command:

netsh interface ipv4 show interface 9

Example result:

Interface Local Area Connection Parameters
----------------------------------------------
IfLuid                             : ethernet_7
IfIndex                            : 9
Compartment Id                     : 1
State                              : connected
Metric                             : 20
Link MTU                           : 1500 bytes
Reachable Time                     : 61500 ms
Base Reachable Time                : 60000 ms 
Retransmission Interval            : 1000 ms
DAD Transmits                      : 3 
Site Prefix Length                 : 64 
Site Id                            : 1 
Forwarding                         : disabled
Advertising                        : disabled 
Neighbor Discovery                 : enabled 
Neighbor Unreachability Detecion   : enabled 
Router Discovery                   : dhcp 
Managed Address Configuration      : enabled 
Other Stateful Configuration       : enabled 
Weak Host Sends                    : disabled 
Weak Host Receives                 : disabled 
Use Automatic Metric               : enabled 
Ignore Default routes              : disabled

Note The "Base Reachable Time" value has changed to 60000 ms.

You can increase the neighbor cache limit by using the following command:
netsh interface ipv4 set global neighborcachelimit = 4096
Note The default neighbor cache limit is 256.

Download the document about TCP/IP registry values for Windows Vista and for Windows Server 2008.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top

Applies to:

↑ Back to the top

Keywords: kb, kbprb, kbtshoot, kbsurveynew, kbexpertiseadvanced

↑ Back to the top

Article Info

Article ID	:	2840421
Revision	:	1
Created on	:	1/7/2017
Published on	:	12/22/2014
Exists online	:	False
Views	:	655

Microsoft KB Archive Search

SNMP trap is partly destroyed during ARP execution in Windows

Symptoms

Cause

Workaround

More Information

How to check the "Reachable Time" value

Applies to: