From: James Courtier-Dutton <James@superbug.co.uk>
To: dean gaudet <dean@arctic.org>
Cc: netdev@vger.kernel.org
Subject: Re: gratuitous arp
Date: Sun, 26 Nov 2006 13:08:41 +0000 [thread overview]
Message-ID: <456991D9.7000503@superbug.co.uk> (raw)
In-Reply-To: <Pine.LNX.4.64.0611251819310.8068@twinlark.arctic.org>
dean gaudet wrote:
> On Sun, 26 Nov 2006, James Courtier-Dutton wrote:
>
>> dean gaudet wrote:
>>> hi...
>>>
>>> i ran into some problems recently which would have been avoided if my box
>>> did a gratuitous arp as it brought up all interfaces (the router took
>>> forever to timeout the ARP entries for interface aliases). so i set about
>>> looking to see why that wasn't happening.
> ...
>> Are you 100% sure about this?
>> Have you done a packet sniff on the network?
>> A lot of routers ignore gratuitous arp for security reasons.
>
> yeah i've done some packet sniffing to verify this.
>
> here's what happened (twice now): i upgraded a (normally busy) box, so
> the MAC address changed. the router is a cisco (not managed by me).
>
> debian reboot sequence at some point brings up the primary eth0 address
> and very soon thereafter there will be an arp "who-has $default_gw tell
> $primary_addr". that's sufficient to get the cisco to update its ARP
> cache for $primary_addr. this isn't gratuitous arp, but does the trick
> for the $primary_addr.
>
> but there's no gratuitous arp for any eth0:N aliased interfaces... and the
> cisco ARP cache on this ISP router seems to be set to a long timeout. i
> could reach eth0:N from local net, but couldn't get outside local net from
> eth0:N.
>
> issuing "arping -I eth0 -s $secondary_addr $default_gw" for each secondary
> address updated the cisco ARP cache and i could then reach eth0:N
> remotely.
>
> so... that may not be exactly gratuitous arp, but basically i was stuck
> until i forced the cisco to update its ARP cache for each of the secondary
> addrs...
>
> it seems to me it'd be nice for the init sequence to take care of this, so
> that other folks don't have to spend time debugging similar problems. i
> just wanted to ask if i'm missing something obvious before i go open a
> debian bug. (i'm tempted to see if fedora does anything differently.)
>
> thanks
> -dean
Ok, I think it is better to just do gratuitous arp on the primary interface.
If one starts doing it on secondary interfaces, one would then have to
also do it for all proxy-arp addresses(if used), and thinks could start
getting rather messy.
James
next prev parent reply other threads:[~2006-11-26 13:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-25 23:33 gratuitous arp dean gaudet
2006-11-26 2:05 ` James Courtier-Dutton
2006-11-26 2:31 ` dean gaudet
2006-11-26 2:53 ` Martin Josefsson
2006-11-26 13:08 ` James Courtier-Dutton [this message]
2006-11-26 13:52 ` Krzysztof Oledzki
2006-11-26 17:46 ` dean gaudet
2006-11-26 20:55 ` Andi Kleen
-- strict thread matches above, loose matches on Subject: below --
2003-12-04 21:24 Gratuitous ARP Krishna Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=456991D9.7000503@superbug.co.uk \
--to=james@superbug.co.uk \
--cc=dean@arctic.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).