If this lines show up in /var/log/messages it shows an overflow in ARP table.
Neighbour table overflow __ratelimit: 65 callbacks suppressed
This should list the number of entries in the ARP table:
arp -n | wc -l
If indeed there is a high number of entries increasing the size of the table
by adding this lines in /etc/sysctl.conf will solve the problem.
Values can be lower or higher depending on the type of server.
net.ipv4.neigh.default.gc_thresh1 = 1024 net.ipv4.neigh.default.gc_thresh2 = 2048 net.ipv4.neigh.default.gc_thresh3 = 4096
Since I had only a few entries listed in the ARP table i started to watch the network traffic
to find out what happens when the errors are logged by running two ssh consoles at the same time:
tcpdump -nS not port 22 - watching traffic and ignoring ssh traffic tail -f /var/log/messages - watching log to see when the error is logged
In my case there was an occasional big spike of IPv6 ARP requests that were causing the overflow
and adding this lines into /etc/sysctl.conf solved it.
net.ipv6.neigh.default.gc_thresh1 = 512 net.ipv6.neigh.default.gc_thresh2 = 1024 net.ipv6.neigh.default.gc_thresh3 = 2048
Run this to apply the changes:
/sbin/sysctl -p