Saturday, January 29, 2011

How to broadcast ARP update to all neighbors in Linux?

Some clients in the subnet have cached the IP with the old MAC address. I want them to update to the new value by doing an ARP broadcast. Is it possible in Linux?

  • It is not necessary. As in: when you changed the IP, the computer should have done so automatically. If the clients are hardcoded, a broadcast will not change the hardcoded override.

    I have done IT for about 20 years now, and in all this time I have NEVER (!) had this happen without faulty equipment.

    Howard : The problem is I accidentally assigned a new machine an already used IP, so the IPs conflict. I can't access the old machine using SSH. Now I have remotely shut down the wrong (new) machine, but I still cannot access the old machine; I suspect the router has cached the MAC address in its ARP table.
    Kimvais : This is called "gratuitous ARP" - see http://en.wikipedia.org/wiki/Address_Resolution_Protocol#ARP_announcements
    Kimvais : Should work after the ARP cache expires. You can also try flushing the ARP table on the machine you are trying to access the old machine from.
    Howard : @Kimvais, but I can't access other hosts in the subnet, so I want to know if there is any method to make the update happen earlier.
    tylerl : @TomTom - perhaps you just haven't been working in the right environment to see it. Sending unsolicited ARP packets is a common way to quickly re-route traffic to a new server in a failover situation. Many high-end switches and routers can take several *minutes* to recognize that an IP address has moved to a different physical port otherwise. Cisco switches are notorious for this.
    TomTom : Yes, but then whatever failover scenario you use automatically sends ARP requests. If you fail over by changing the IP on the server - the server will send an ARP request to the switch. No need to do that manually again.
    From TomTom
  • Yes, it's called "Unsolicited ARP" or "Gratuitous ARP". Check the manpage for arping for more details, but the syntax looks something like this:

    arping -U 192.168.1.101
    

    If you're spoofing an address, you may need to run this first:

    echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
    

    Finally, because of its spoofing ability, sending Unsolicited ARP packets is sometimes considered a "hostile" activity, and may be ignored, or might lead to being blocked by some third-party firewalls.

    From tylerl
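
The answer above notes that unsolicited ARP is sometimes treated as hostile because it can rebind an IP to a different MAC. The following is an added example, not part of the original post or of any tool named in it: a monitor that parses ARP frames, learns IP-to-MAC bindings, and reports every change, marking whether the frame that caused it was a gratuitous announcement. The MAC addresses, the router address 192.168.1.1, and all function names are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, fmt_mac(sha), str(IPv4Address(spa)), str(IPv4Address(tpa))

def is_gratuitous(pkt):
    # An ARP announcement names the same IP as sender and target.
    return pkt[2] == pkt[3]

def watch(frames):
    """Learn IP->MAC bindings in order; return (ip, old_mac, new_mac, gratuitous) per change."""
    table, alerts = {}, []
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None or pkt[2] == "0.0.0.0":   # skip non-ARP frames and ARP probes
            continue
        _, smac, sip, _ = pkt
        if sip in table and table[sip] != smac:
            alerts.append((sip, table[sip], smac, is_gratuitous(pkt)))
        table[sip] = smac
    return alerts

def sample_frame(op, smac, sip, tip):
    # Builds constructed test input only; nothing is sent on the wire.
    s = bytes.fromhex(smac.replace(":", ""))
    return b"\xff" * 6 + s + b"\x08\x06" + struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, s,
        IPv4Address(sip).packed, b"\x00" * 6, IPv4Address(tip).packed)

OLD, NEW, IP = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.168.1.101"
FRAMES = [  # constructed sample traffic, not a real capture
    sample_frame(1, OLD, IP, "192.168.1.1"),   # old host resolves the router
    sample_frame(1, NEW, IP, "192.168.1.1"),   # new host wrongly uses the same IP
    sample_frame(1, OLD, IP, IP),              # old host announces itself again
]

if __name__ == "__main__":
    for alert in watch(FRAMES):
        print("binding changed: %s %s -> %s gratuitous=%s" % alert)
```

On the sample traffic this reports two changes: the conflicting new host taking over the address, then the old host reclaiming it with an announcement, which is the situation described in the question.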
