diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c --- a/sys/netinet/if_ether.c +++ b/sys/netinet/if_ether.c @@ -97,8 +97,10 @@ ""); /* timer values */ -VNET_DEFINE_STATIC(int, arpt_keep) = (20*60); /* once resolved, good for 20 - * minutes */ +VNET_DEFINE_STATIC(int, arpt_keep) = 60; /* once resolved, good for 60 + * seconds */ +VNET_DEFINE_STATIC(int, arpt_jitter) = 10; /* magnitude of jitter to apply + * to the above */ VNET_DEFINE_STATIC(int, arp_maxtries) = 5; VNET_DEFINE_STATIC(int, arp_proxyall) = 0; VNET_DEFINE_STATIC(int, arpt_down) = 20; /* keep incomplete entries for @@ -114,6 +116,7 @@ VNET_DEFINE_STATIC(int, arp_maxhold) = 16; #define V_arpt_keep VNET(arpt_keep) +#define V_arpt_jitter VNET(arpt_jitter) #define V_arpt_down VNET(arpt_down) #define V_arpt_rexmit VNET(arpt_rexmit) #define V_arp_maxtries VNET(arp_maxtries) @@ -123,6 +126,9 @@ SYSCTL_INT(_net_link_ether_inet, OID_AUTO, max_age, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(arpt_keep), 0, "ARP entry lifetime in seconds"); +SYSCTL_INT(_net_link_ether_inet, OID_AUTO, jitter, CTLFLAG_VNET | CTLFLAG_RW, + &VNET_NAME(arpt_jitter), 0, + "ARP entry lifetime jitter in seconds"); SYSCTL_INT(_net_link_ether_inet, OID_AUTO, maxtries, CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(arp_maxtries), 0, "ARP resolution attempts before returning error"); @@ -1257,7 +1263,7 @@ static void arp_mark_lle_reachable(struct llentry *la, struct ifnet *ifp) { - int canceled, wtime; + int canceled, keep, wtime; LLE_WLOCK_ASSERT(la); @@ -1269,10 +1275,12 @@ if (!(la->la_flags & LLE_STATIC)) { LLE_ADDREF(la); - la->la_expire = time_uptime + V_arpt_keep; - wtime = V_arpt_keep - V_arp_maxtries * V_arpt_rexmit; + keep = V_arpt_keep + + arc4random_uniform(V_arpt_jitter * 2 + 1) - V_arpt_jitter; + la->la_expire = time_uptime + keep; + wtime = keep - V_arp_maxtries * V_arpt_rexmit; if (wtime < 0) - wtime = V_arpt_keep; + wtime = keep; canceled = callout_reset(&la->lle_timer, hz * wtime, arptimer, la); if (canceled) 
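Review bot: The comment on `arpt_jitter` in the first hunk ("magnitude of jitter to apply to the above") omits the unit and the fact that the offset is applied in both directions. The sysctl description in the third hunk has the same gap. Suggested comment: `/* max +/- random offset, in seconds, applied to arpt_keep */`, and for the OID description `"Maximum +/- random jitter applied to max_age, in seconds (0 disables)"`. Operators who already tune `max_age` need this to see that the two values interact.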
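Review bot: In the fifth hunk (`arp_mark_lle_reachable`), `keep` is built from two unvalidated `int` tunables and can come out zero or negative. A negative `net.link.ether.inet.jitter` turns `V_arpt_jitter * 2 + 1` into a huge `uint32_t` bound for `arc4random_uniform()`, and a jitter at or above `max_age` (for example an existing `max_age=5` with the new default of 10) lets the subtraction go below zero. `la_expire` then lands at or before `time_uptime`, and the `wtime < 0` fallback passes a non-positive tick count to `callout_reset()`, which presumably leaves the entry being re-resolved continuously. `V_arpt_jitter` is also read twice, so a concurrent sysctl write can pair one value's bound with another value's offset. Snapshot both tunables into locals and clamp them before use, as sketched below; the function starts in the fourth hunk and its body continues past the end of this one.

```c
	int canceled, jitter, keep, wtime;

	/* … unchanged: lock assertion and the code up to LLE_ADDREF(la) … */
		/* Read each tunable once; sysctl may change them concurrently. */
		keep = V_arpt_keep;
		jitter = V_arpt_jitter;
		if (keep < 1)
			keep = 1;
		/* Clamp so the jittered lifetime stays at least one second. */
		if (jitter < 0)
			jitter = 0;
		if (jitter >= keep)
			jitter = keep - 1;
		keep += (int)arc4random_uniform((uint32_t)jitter * 2 + 1) - jitter;
		la->la_expire = time_uptime + keep;
	/* … unchanged: wtime computation and callout_reset() … */
```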
diff --git a/tests/sys/netinet/arp.sh b/tests/sys/netinet/arp.sh --- a/tests/sys/netinet/arp.sh +++ b/tests/sys/netinet/arp.sh @@ -200,7 +200,7 @@ permanent=\ "? (${ipb}) at 00:00:00:00:00:00 on ${epair0}a permanent [ethernet]\n" temporary_re=\ -"\? \(${ipb_re}\) at ${eth} on ${epair0}a expires in ${max_age} seconds \[ethernet\]" +"\? \(${ipb_re}\) at ${eth} on ${epair0}a expires in [1-9][0-9]* seconds \[ethernet\]" deleted=\ "${ipb} (${ipb}) deleted\n"
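Review bot: With `temporary_re` relaxed to `[1-9][0-9]*`, the check no longer ties the reported lifetime to `max_age` at all, so a miscomputed expiry (far too long, or outside the jitter window) would still pass. Pinning the jitter for the test, e.g. `sysctl net.link.ether.inet.jitter=0` before the entry is created, would let the pattern keep `${max_age}`. Alternatively, capture the number and assert that it lies within `max_age` plus or minus the jitter. The code that sets `max_age` and applies the pattern is outside this hunk, so where the sysctl call belongs (and whether it must run inside the test's jail) has to be confirmed there.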