Modifying Kerio Control Settings for Stopping Loop ARP Requests

Overview

Kerio Control is constantly sending the following ARP (Address Resolution Protocol) request: Who has <Kerio Control public IP address>? Tell <IP address>

This article shares the process of resolving this issue by modifying the default ARP settings in the internal configuration files of Kerio Control.

 

Root Cause 

This loop generation problem occurs in large networks when there are more ARP requests than the (ISP) server can handle.

---

 

Process

Follow these steps:

1. Access Kerio Control using SSH.
2. Execute this command to make the system readable and writable: mount -o rw,remount /
3. Open the sysctl.conf file using the Nano editor with this command: nano /etc/sysctl.conf
   
   
   
   
4. Add the following lines and save the file:
   

   net.ipv4.conf.eth0.arp_ignore = 1
   net.ipv4.conf.eth0.arp_announce = 2

5. Restart Kerio Control using this command: /etc/boxinit.d/60winroute restart
   
   
6. (Optional) If the Kerio Control ARP requests are still being generated, add the following lines to /etc/sysctl.conf:
   

   sysctl -w net.ipv4.neigh.default.gc_thresh1=4096
       sysctl -w net.ipv4.neigh.default.gc_thresh2=8192
       sysctl -w net.ipv4.neigh.default.gc_thresh3=8192
       sysctl -w net.ipv4.neigh.default.gc_stale_time=86400

    

Confirmation

ARP settings are modified and the storming/loop requests stop.

Back to top

---

 

Additional Information

• Enabling Protection from DDoS Attacks in Kerio Control
• Using arp announce/arp ignore to disable ARP
• Neighbour Table Overflow – sysctl.conf Tunning