Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Feb 09, 2015

Gratuitous ARP - how it's working

Hi,   I did some research about Gratuitous ARP (GARP) on the Internet and in F5 docs as well as did some tcdumps on my test system. I am not network expert so maybe it's obvious question but I can...
application delivery
availability
design
LTM
TMOS
Saskia_81056's avatar
Saskia_81056
Icon for Nimbostratus rankNimbostratus
Feb 12, 2015

ARP = Layer 3. All L3 devices in this L2 broadcast domain will process the GARP by putting the new MAC<->IP mapping into their ARP table. They don't care if there has been a request or not (which is why it can be easily used for spoofing)

 

Regarding the switches (L2): They don't really care about the GARP. The only sideway effect of the whole GARP thing is: As soon as the GARP frame arrives at the switch, it will learn the source MAC of this packet. Because of this, the switch will update its MAC address table.

 

Saskia_81056's avatar
Saskia_81056
Icon for Nimbostratus rankNimbostratus
Feb 12, 2015
Yep. You could e.g. just send out a ARP Reply (by using a packet builder) which announces your mac address to be the gateway ip within a subnet and all L3 devices would update their arp table accordingly. In case of the BIG-IP and many other clusters it will help to announce the current primary.