IOS not accepting gratuitous ARPs

I assume this is a bug? If blocking were on, you'd see a message like "Ignored gratuitous ARP", and I observed the behavior below with EITHER the default ARP settings OR with "ip arp gratuitous local" configured.

R2(config)#end

R2#
*Mar  1 01:22:32.071: %SYS-5-CONFIG_I: Configured from console by console
R2#
*Mar  1 01:22:45.623: IP ARP: rcvd rep src 192.168.2.1 c200.0390.0000, dst 192.168.2.1 FastEthernet0/0
*Mar  1 01:22:45.623: IP ARP: rcvd rep src 192.168.2.1 c200.0390.0000, dst 192.168.2.1 FastEthernet0/0
R2#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.2.2             -   c201.0390.0000  ARPA   FastEthernet0/0

Comments

  • It's an old one--12.4(15)T14--but an extremely stable GNS3 image I have on-hand.

  • I figured it out--Cisco IOS gratuitous ARP handling is actually fine. Upon receipt, IOS examines its table and updates any existing entries, but it will not create new ones! This design limits the size of the ARP cache.

    ARP packet debugging is on

    R1#
    R1#
    R1#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  1.1.1.1                 -   aaaa.bbbb.cccc  ARPA
    Internet  1.2.1.1                 -   c200.0390.0001  ARPA   FastEthernet0/1
    R1#
    *Mar  1 23:34:21.670: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.44 FastEthernet0/0
    *Mar  1 23:34:21.670: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.44 FastEthernet0/0
    R1#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  1.1.1.1                 -   aaaa.bbbb.cccc  ARPA
    Internet  1.2.1.1                 -   c200.0390.0001  ARPA   FastEthernet0/1
    R1#ping 1.1.1.44

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 1.1.1.44, timeout is 2 seconds:

    *Mar  1 23:34:28.706: IP ARP: creating incomplete entry for IP address: 1.1.1.44 interface FastEthernet0/0
    *Mar  1 23:34:28.706: IP ARP: sent req src 1.1.1.1 c200.0390.0000,
                     dst 1.1.1.44 0000.0000.0000 FastEthernet0/0
    *Mar  1 23:34:28.782: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.1 FastEthernet0/0.!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 16/22/32 ms
    R1#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  1.1.1.1                 -   aaaa.bbbb.cccc  ARPA
    Internet  1.1.1.44                0   0000.2222.2222  ARPA   FastEthernet0/0
    Internet  1.2.1.1                 -   c200.0390.0001  ARPA   FastEthernet0/1
    R1#
    R1#
    *Mar  1 23:49:32.806: IP ARP: rcvd rep src 1.1.1.44 0000.6666.6666, dst 1.1.1.44 FastEthernet0/0
    *Mar  1 23:49:32.810: IP ARP: rcvd rep src 1.1.1.44 0000.6666.6666, dst 1.1.1.44 FastEthernet0/0
    R1#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  1.1.1.1                 -   aaaa.bbbb.cccc  ARPA
    Internet  1.1.1.44                0   0000.6666.6666  ARPA   FastEthernet0/0
    Internet  1.2.1.1                 -   c200.0390.0001  ARPA   FastEthernet0/1

  • Not to flog a dead horse, here is a command that I think is IPv6's counterpart:

    ipv6 nd na glean

    Usage Guidelines

    IPv6 nodes may choose to emit a multicast unsolicited NA packet following the successful completion of duplicate address detection (DAD). By default, these unsolicited NA packets are ignored by other IPv6 nodes. The ipv6 nd na glean command configures the router to create an ND entry on receipt of an unsolicited NA packet (assuming no such entry already exists and the NA has the link-layer address option). Use of this command allows a router to populate its ND cache with an entry for a neighbor in advance of any data traffic exchange with the neighbor. 
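
Added example, not part of the thread and not Cisco code: a Python replay of the "update existing entries, never create" rule over `debug arp` lines copied from the R1 session above. It reports which gratuitous replies were ignored and which silently re-bound an existing IP to a new MAC, the event worth alerting on. The function name `replay` and the simplification that every non-gratuitous reply is a solicited one are assumptions of this sketch.

```python
import re

# Matches the "rcvd rep" lines printed by IOS "debug arp", as shown in the thread.
ARP_REP = re.compile(
    r"IP ARP: rcvd rep src (?P<src>\d+(?:\.\d+){3}) "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}), "
    r"dst (?P<dst>\d+(?:\.\d+){3})",
    re.IGNORECASE,
)

# Debug lines taken from the R1 session in the thread (timestamps kept as-is).
SAMPLE = [
    "*Mar  1 23:34:21.670: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.44 FastEthernet0/0",
    "*Mar  1 23:34:21.670: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.44 FastEthernet0/0",
    "*Mar  1 23:34:28.782: IP ARP: rcvd rep src 1.1.1.44 0000.2222.2222, dst 1.1.1.1 FastEthernet0/0.!!!!",
    "*Mar  1 23:49:32.806: IP ARP: rcvd rep src 1.1.1.44 0000.6666.6666, dst 1.1.1.44 FastEthernet0/0",
    "*Mar  1 23:49:32.810: IP ARP: rcvd rep src 1.1.1.44 0000.6666.6666, dst 1.1.1.44 FastEthernet0/0",
]

def replay(lines, cache):
    """Replay ARP replies against `cache` (ip -> mac), mutating it in place.

    Returns (ignored, changed):
      ignored - gratuitous replies for IPs with no existing entry (not learned)
      changed - (ip, old_mac, new_mac) where a gratuitous reply re-bound an entry
    """
    ignored, changed = [], []
    for line in lines:
        m = ARP_REP.search(line)
        if not m:
            continue
        ip, mac = m["src"], m["mac"].lower()
        if ip != m["dst"]:
            # Assumption: a non-gratuitous reply answers the router's own request.
            cache[ip] = mac
        elif ip not in cache:
            # Gratuitous reply for an unknown IP: no entry is created.
            if (ip, mac) not in ignored:
                ignored.append((ip, mac))
        elif cache[ip] != mac:
            # Gratuitous reply overwrote an existing binding.
            changed.append((ip, cache[ip], mac))
            cache[ip] = mac
    return ignored, changed
```
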
