
Linux: Neighbour Table Overflow Error and Solution

I set up a CentOS Linux based server running as a gateway and firewall server. However, I’m getting the following messages in the /var/log/messages log file:

Dec 20 00:41:01 fw01 kernel: Neighbour table overflow.
Dec 20 00:41:01 fw01 last message repeated 20 times


Dec 20 00:41:01 fw03 kernel: [ 8987.821184] Neighbour table overflow.
Dec 20 00:41:01 fw03 kernel: [ 8987.860465] printk: 100 messages suppressed.

Why does the kernel throw “Neighbour table overflow” messages in syslog? How do I fix this problem under Debian / CentOS / RHEL / Fedora / Ubuntu Linux?

For busy networks (or gateway / firewall Linux server) it is mandatory to increase the kernel’s internal ARP cache size. The following kernel variables are used:


To see current values, type:
# sysctl net.ipv4.neigh.default.gc_thresh1
Sample outputs:

net.ipv4.neigh.default.gc_thresh1 = 128

Type the following command:
# sysctl net.ipv4.neigh.default.gc_thresh2
Sample outputs:

net.ipv4.neigh.default.gc_thresh2 = 512

Type the following command:
# sysctl net.ipv4.neigh.default.gc_thresh3
Sample outputs:

net.ipv4.neigh.default.gc_thresh3 = 1024

So you need to make the ARP table bigger than the above defaults. The above limits are good for a small network or a single server. This will also affect your DNS traffic.

How Do I Fix “Neighbour Table Overflow” Error?

Edit /etc/sysctl.conf file, enter:
# vi /etc/sysctl.conf
Append the following values (these are taken from a server that protects over 200 desktops running MS-Windows, Linux, and Apple OS X):

## works best with <= 500 client computers ##
# Garbage collector run interval, in seconds
net.ipv4.neigh.default.gc_interval = 3600
# ARP cache entry stale timeout, in seconds
net.ipv4.neigh.default.gc_stale_time = 3600
# ARP cache size thresholds
net.ipv4.neigh.default.gc_thresh3 = 4096
net.ipv4.neigh.default.gc_thresh2 = 2048
net.ipv4.neigh.default.gc_thresh1 = 1024

To load new changes type the following command:
# sysctl -p
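
To see how close the neighbour table is to the three limits before and after the change, the following added example (not part of the original article) counts entries and classifies them against gc_thresh1/2/3. The function names and the sample data are constructed for illustration; the sample uses the default thresholds shown above and 600 made-up entries.

```shell
#!/bin/sh
# Added example: compare neighbour (ARP) table usage with the gc_thresh limits.

# Count neighbour entries: one per non-blank line of `ip -4 neigh show` on stdin.
count_neigh() {
    awk 'NF { n++ } END { print n + 0 }'
}

# Print the value of gc_thresh$1 ($1 = 1, 2 or 3) from `sysctl` output on stdin.
thresh_from_sysctl() {
    awk -v k="net.ipv4.neigh.default.gc_thresh$1" \
        '$1 == k && $2 == "=" { print $3 }'
}

# Classify usage. $1 = entries, $2 = gc_thresh1, $3 = gc_thresh2, $4 = gc_thresh3.
neigh_pressure() {
    if   [ "$1" -ge "$4" ]; then echo "hard-max-reached"   # overflow messages likely
    elif [ "$1" -ge "$3" ]; then echo "soft-max-reached"   # gc is trimming the table
    elif [ "$1" -ge "$2" ]; then echo "gc-eligible"        # gc may run
    else                         echo "below-gc-floor"     # gc does not run
    fi
}

# Constructed sample input: default thresholds and 600 made-up neighbour entries.
SAMPLE_SYSCTL='net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024'

sample_neigh() {
    awk 'BEGIN {
        for (i = 1; i <= 600; i++) {
            printf "10.0.%d.%d dev eth0 lladdr 02:00:00:00:%02x:%02x REACHABLE\n", int(i / 250), i % 250 + 1, int(i / 256), i % 256
        }
    }'
}

entries=$(sample_neigh | count_neigh)
t1=$(printf '%s\n' "$SAMPLE_SYSCTL" | thresh_from_sysctl 1)
t2=$(printf '%s\n' "$SAMPLE_SYSCTL" | thresh_from_sysctl 2)
t3=$(printf '%s\n' "$SAMPLE_SYSCTL" | thresh_from_sysctl 3)

echo "entries=$entries thresh1=$t1 thresh2=$t2 thresh3=$t3:" \
     "$(neigh_pressure "$entries" "$t1" "$t2" "$t3")"
# Same 600 entries against the values appended to /etc/sysctl.conf above:
echo "with 1024/2048/4096: $(neigh_pressure "$entries" 1024 2048 4096)"
```

On a live gateway, pipe `ip -4 neigh show` into `count_neigh` and the output of the three `sysctl` commands above into `thresh_from_sysctl` instead of the constructed samples.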

{ 4 comments… add one }
  • J November 13, 2012, 1:40 pm

    That’s great, but WHY? What are the three different levels of thresholds, when does each one become relevant? Are there any adverse effects to increasing these? Why wouldn’t I want to set these extremely high? Why are they set to what they are in the first place?

    • vinod July 5, 2015, 9:07 am

      I just found this while googling; hope it helps.

      These 3 parameters are defined in the Linux Kernel Code in the header file “/include/net/neighbour.h” as integer, which suggests that maximal accepted value is (2^32 – 1).

      Gaia Portal accepts maximal value of 16384.

      The minimum number of entries to keep in the ARP cache.
      The garbage collector will not run if there are fewer than this number of entries in the cache.

      The soft maximum number of entries to keep in the ARP cache.
      The garbage collector will allow the number of entries to exceed this for 5 seconds before collection will be performed.


      The hard maximum number of entries to keep in the ARP cache.
      The garbage collector will always run if there are more than this number of entries in the cache.
      In order for the garbage collector to work properly, and not to overload the machine with garbage collections, when changing the ‘gc_thresh3’ parameter, user should (note: does not have to) change the ‘gc_thresh2’ and ‘gc_thresh1’ parameters accordingly.

  • Jon January 6, 2014, 7:10 pm

    Thanks a TON! Quick fix to an issue I was having on Debian 7.

  • tanzeem January 21, 2015, 6:33 pm

    Good it works
