Forum Discussion
dragonflymr
Cirrostratus
Feb 09, 2015
Gratuitous ARP - how it's working
Hi,
I did some research about Gratuitous ARP (GARP) on the Internet and in F5 docs as well as did some tcpdumps on my test system. I am not a network expert so maybe it's an obvious question but I can...
Saskia_81056
Nimbostratus
Feb 12, 2015
ARP = Layer 3. All L3 devices in this L2 broadcast domain will process the GARP by putting the new MAC<->IP mapping into their ARP table. They don't care if there has been a request or not (which is why it can be easily used for spoofing).
Regarding the switches (L2): They don't really care about the GARP. The only side effect of the whole GARP thing is: As soon as the GARP frame arrives at the switch, it will learn the source MAC of this packet. Because of this, the switch will update its MAC address table.
- dragonflymr Feb 12, 2015
Cirrostratus
Hi, Well, I would say ARP is L2/L3 but this is not so important here. So I should assume that every L3 device should update its ARP cache after receiving GARP: L3 switch, router, server, workstation etc.? I suspect that my test on a W2K8 server was showing something different because of a bug I was reading about. Piotr
- Saskia_81056 Feb 12, 2015
Nimbostratus
Yep. You could e.g. just send out an ARP Reply (by using a packet builder) which announces your MAC address to be the gateway IP within a subnet and all L3 devices would update their ARP table accordingly. In case of the BIG-IP and many other clusters it will help to announce the current primary.
- dragonflymr Feb 12, 2015
Cirrostratus
Well, I guess testing using the Windows platform was not the best choice, will play with Linux to see how it works :-) Piotr
- dragonflymr Feb 13, 2015
Cirrostratus
I did such a test. Based on the info here I expected that the server (RedHat) would add entries to the ARP cache, but that was not the case. So maybe I am missing some clue.

Scenario:
1. ARP cache checked on the Linux host (Red Hat Linux release 7.3 (Valhalla) - actually a PHPAuction based host) with arp -n - two entries present, one is the floating selfIP on LTM (VE 11.2.0HF7) - probably because it's set as DG
2. VS located on the same VLAN as the Linux host, disabled and then enabled
3. On the Linux host I can see a long list of GARP packets generated by LTM - for the VIP of the mentioned VS a total of 5 GARP packets received
4. arp -n - no new entries

Is that OK? So a server/workstation should not add info from GARP to its ARP cache based on received GARP? Or is it some config option/bug in the RedHat version I am using?

Then I did a test for entries already in the ARP cache: floating selfIP, VIP. After failover to the second device the entries were immediately updated with the MAC of the new active unit. What is strange is that the update was immediate, even before I was able to see GARP packets in tcpdump - is that because of a tcpdump limitation or did some "magic" occur?

Piotr

P.S. For whomever it will be of value in the future, here is the best explanation I have found so far about GARP: http://www.ultramonkey.org/3/ip_address_takeover.html
- boneyard Feb 14, 2015
MVP
what i feel isn't quite right in your opening post is saying there are multiple types of gratuitous ARP messages. i don't believe there are. there is just the ARP announcement which is sometimes called gratuitous ARP. on your linux test, this might be useful: https://lists.debian.org/debian-user/2010/04/msg01110.html
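
Added example, not part of any post in this thread: a small Python parser that recognises gratuitous ARP frames (sender IP equal to target IP) and replays them against an IP-to-MAC cache using the behaviour reported in the Linux test above, where existing entries are overwritten and unknown IPs are not added. The `accept_new` switch, the verdict names and the sample frames are constructed for illustration; a "changed" verdict is the event a defender would log, since it is either a failover or a spoofed announcement.

```python
import struct
from ipaddress import IPv4Address

# Constructed sample frames (documentation IPs, locally administered MACs).
GARP_VIP = bytes.fromhex(       # announces 192.0.2.10, unknown to the host
    "ffffffffffff02000000000a08060001080006040002"
    "02000000000ac000020affffffffffffc000020a")
GARP_FAILOVER = bytes.fromhex(  # announces 192.0.2.1 from a different MAC
    "ffffffffffff02000000000b08060001080006040002"
    "02000000000bc0000201ffffffffffffc0000201")

def parse_arp(frame: bytes):
    """Return ARP fields of an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sha": sha.hex(":"),
            "spa": str(IPv4Address(spa)), "tpa": str(IPv4Address(tpa))}

def apply_garp(cache: dict, arp: dict, accept_new: bool = False) -> str:
    """Apply one gratuitous ARP to an IP->MAC cache and return the verdict."""
    ip, mac = arp["spa"], arp["sha"]
    if ip not in cache:
        if not accept_new:      # behaviour seen in the Linux test: no new entry
            return "ignored"
        cache[ip] = mac
        return "added"
    if cache[ip] == mac:
        return "refreshed"
    cache[ip] = mac             # existing entry overwritten without any request
    return "changed"            # failover or spoofing: the event to log

def replay(frames, cache: dict, accept_new: bool = False):
    """Feed frames through the policy; only gratuitous ARP (SPA == TPA) counts."""
    verdicts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["spa"] == arp["tpa"]:
            verdicts.append((arp["spa"], apply_garp(cache, arp, accept_new)))
    return verdicts

if __name__ == "__main__":
    cache = {"192.0.2.1": "02:00:00:00:00:0a"}  # constructed: gateway entry only
    print(replay([GARP_VIP, GARP_FAILOVER], cache), cache)
```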