I am attempting to troubleshoot a problem packet loss problem from a small regional ISP. What we see on our onsite router is packet loss intermittently in the 1-20% range. The cable modem is in bridge mode and we have a /30 subnet. We are receiving a very large (7000+ a min.) amount of ARP requests for IPs in other subnets that we do not own for instance 50.x.x.x/24 10.x.x.x/24 108.x.x.x/24. The source MAC address for all the ARP requests comes up as a CASA CMTS. Based on my research it looks like that the ISP is using Proxy ARP and Cable Bundling. Also, based on my research, it looks like CASA CMTS sends out an ARP request first before checking the DHCP server for the MAC address. Our local router has ARP table entries for 250-300 devices which all point to the CASA CMTS. I have a few questions:
1. I’m assuming the IP address of our default gateway is actually located on the Casa CMTS as opposed to the cable modem as we get the MAC address of the Casa CMTS due to cable bundling being enabled. If this is the case, why is the CMTS not filtering out ARP requests not on our subnet or at very least only forward broadcasts only on slave interfaces on a /24 of our subnet, do cable bundles forward all allowed broadcasts?
2. Would these ARP requests cause additional CPU load on the cable modem or does the modem just pass the traffic and not look at its ARP table to determine if it should respond? Would there be any other WAN interfaces on the modem that would need to respond to this traffic such as the diag interface of the modem (192.168.100.1) or some other interface?
3. Is this broadcast domain too large and what would be the best approach to take to talk to someone knowledgeable at the ISP to talk about the issue?
4. Our router is jumping between 30-70% memory usage and 10-50% CPU usage, while it looks like the hardware is powerful enough to handle looking at its ARP table 7000 a min, would it be worth putting a Cisco Switch in place with Static Arp inspection (ARP Storm Control) enabled and a manual ARP ACL to only respond to requests looking for IP addresses on our subnet?