LinuxCommandLibrary

ip-ntable

Manage neighbour (ARP/NDISC) table configuration

SYNOPSIS

ip ntable [{list|flush} [dev STRING]] | [{add|change|replace|delete} ID [options]]

PARAMETERS

list
    List neighbour table configurations

flush
    Flush neighbour tables (all or per device)

add
    Add new neighbour table

change
    Change existing neighbour table

replace
    Replace neighbour table

delete
    Delete neighbour table

dev STRING
    Specify network device name

gc_thresh1 NUM
    Minimum hash table entries before soft limit

gc_thresh2 NUM
    Soft limit for garbage collection start

gc_thresh3 NUM
    Hard limit triggering aggressive GC

base_reachable_time MS
    Base time for reachable entry expiry (milliseconds)

retrans_time MS
    Retransmission interval (milliseconds)

gc_interval TIME
    Garbage collection interval

gc_stale_time TIME
    Time after which entry is stale

proxy_delay TIME
    Delay before proxy ARP response

anycast_delay TIME
    Delay before anycast probe

proxy_queue NUM
    Maximum queued proxy requests

app_solicit NUM
    Number of ARP requests from apps

unicast_solicit NUM
    Number of unicast ARP requests

gc_min_interval TIME
    Minimum GC interval

params
    Nested parameter block for detailed settings

DESCRIPTION

The ip ntable command, part of the iproute2 suite, configures and manages neighbour tables in the Linux kernel. Neighbour tables maintain mappings between protocol addresses (e.g., IP) and link-layer addresses (e.g., MAC) for protocols like ARP and NDISC. This tool allows listing active tables, flushing entries, or modifying parameters such as garbage collection thresholds (gc_thresh1, gc_thresh2, gc_thresh3), which control when the kernel prunes cache entries to manage memory.

Other settings include base_reachable_time (MS) for entry timeouts, retrans_time (MS) for probe intervals, solicitation counts (app_solicit, unicast_solicit), proxy delays, and garbage collection intervals. These optimize ARP/ND cache performance, reducing latency and preventing table overflow in high-traffic networks. Using the command requires root privileges, and changes affect either device-specific or default tables.

CAVEATS

Requires root privileges. Incorrect thresholds can cause network instability or high CPU usage. Changes apply either kernel-wide or to a specific device, and they persist only until reboot unless persistent rules are set.

EXAMPLES

ip ntable list - Show all tables
ip ntable flush dev eth0 - Clear eth0 table
ip ntable add dev eth0 gc_thresh3 8192 - Increase hard limit

FILES

Reads/writes /proc/sys/net/ipv4/neigh/<dev>/ and IPv6 equivalents.
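
Because the garbage collection thresholds decide when the kernel prunes the neighbour cache, it helps to check that they are ordered sensibly and that the live entry count has headroom, both before and after changing them. The script below is an added example, not part of iproute2 or the original page; the function names, verdict strings and exit codes are hypothetical, and it assumes gc_thresh1..3 are readable as plain integers in the directory passed to it.

```shell
#!/bin/sh
# Added example (not iproute2 code): audit neighbour-table GC thresholds.
# Assumptions: $1 is a directory holding gc_thresh1..3 as plain integers
# (on a live host: /proc/sys/net/ipv4/neigh/default); $2 is the current
# neighbour entry count (on a live host: ip -4 neigh show | wc -l).

# Print the integer stored in file $1; fail if it is missing or non-numeric.
read_thresh() {
    [ -r "$1" ] || return 1
    v=$(tr -d ' \t\n' < "$1")
    case $v in ''|*[!0-9]*) return 1 ;; esac
    printf '%s\n' "$v"
}

# Print one verdict line and return:
#   0 OK, 1 at/above soft limit, 2 at/above hard limit,
#   3 thresholds misordered, 4 unreadable or invalid input.
audit_neigh_gc() {
    dir=$1
    entries=$2
    case $entries in ''|*[!0-9]*) echo "ERROR bad entry count"; return 4 ;; esac
    t1=$(read_thresh "$dir/gc_thresh1") &&
    t2=$(read_thresh "$dir/gc_thresh2") &&
    t3=$(read_thresh "$dir/gc_thresh3") ||
        { echo "ERROR cannot read thresholds in $dir"; return 4; }
    # The limits only make sense as thresh1 <= thresh2 <= thresh3.
    if [ "$t1" -gt "$t2" ] || [ "$t2" -gt "$t3" ]; then
        echo "MISORDERED thresh1=$t1 thresh2=$t2 thresh3=$t3"
        return 3
    fi
    if [ "$entries" -ge "$t3" ]; then
        echo "HARD entries=$entries >= gc_thresh3=$t3"
        return 2
    elif [ "$entries" -ge "$t2" ]; then
        echo "SOFT entries=$entries >= gc_thresh2=$t2"
        return 1
    fi
    echo "OK entries=$entries headroom=$((t3 - entries))"
}

# Live use (commented out so the block runs offline):
# audit_neigh_gc /proc/sys/net/ipv4/neigh/default "$(ip -4 neigh show | wc -l)"
```

A SOFT or HARD verdict on a host whose neighbour count is normally small is worth investigating before raising the limits.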

HISTORY

Introduced in iproute2 3.10.0 (2013) to provide fine-grained control over the neighbour subsystem, evolving from the older /proc/sys/net/ipv4/neigh sysctls.

SEE ALSO

ip-neigh(8), ip-link(8), ss(8), arp(7)
