R3204P16-HP Load Balancing Module Network Management Configuration Guide-6PW101
Table Of Contents
- Title page
- Contents
- Interface management configuration
- IP addressing configuration
- MAC address table configuration
- Layer 2 forwarding configuration
- Layer 2 forwarding overview
- Configuring general Layer 2 forwarding
- Configuring inline Layer 2 forwarding
- Configuring inter-VLAN Layer 2 forwarding
- Forward-type inline Layer 2 forwarding configuration example
- Blackhole-type inline Layer 2 forwarding configuration example
- Inter-VLAN Layer 2 forwarding configuration example
- VLAN configuration
- ARP configuration
- Gratuitous ARP configuration
- Proxy ARP configuration
- Layer 3 forwarding configuration
- NAT configuration
- Overview
- Configuring a NAT policy in the web interface
- Configuring NAT in the CLIs
- Configuration guidelines
- ALG configuration
- Static route configuration
- RIP configuration
- OSPF configuration
- BGP configuration
- Policy-based routing configuration
- Route displaying
- DNS configuration
- Overview
- Configuring DNS on the web interface
- Configuring DNS in the CLIs
- Troubleshooting IPv4 DNS configuration
- Support and other resources
- Index
62
Gratuitous ARP configuration
NOTE:
The LB module supports gratuitous ARP configuration only in the CLIs.
Introduction to gratuitous ARP
In a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of the
sending device, the sender MAC address is the MAC address of the sending device, and the target MAC
address is the broadcast address ff:ff:ff:ff:ff:ff.
An LB card sends a gratuitous ARP packets to:
• Determine whether its IP address is already used by another device. If the IP address is already used,
the LB card will be informed by an ARP reply of the conflict;
• Inform other devices of its MAC address change.
Enabling learning of gratuitous ARP packets
With this feature enabled, an LB card, upon receiving a gratuitous ARP packet, adds the sender IP and
MAC addresses carried in the packet to its ARP table if no corresponding ARP entry exists. If the
corresponding ARP entry is found, the card updates the ARP entry.
After this feature is disabled, the LB card will use the address information in the received gratuitous ARP
packets to update the existing ARP entries only, but not to create new ARP entries.
Configuring periodic sending of gratuitous ARP packets
Enabling an LB card to periodically send gratuitous ARP packets helps downstream devices update their
corresponding ARP entries or MAC entries in time. This feature can be used to:
1. Prevent gateway spoofing
If an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic destined for the
gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external
network.
To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP packets
containing its primary IP address or one of its manually configured secondary IP addresses at a specific
interval. In this way, each host can learn correct gateway address information.
2. Prevent ARP entries from being aged out
If network traffic is heavy or the CPU utility is high on a host, ARP packets received may be discarded or
cannot be processed in time. Eventually, the dynamic ARP entries on the receiving host will be aged out,
and the traffic between the host and the corresponding devices will be interrupted until the host creates
the ARP entries again.
To prevent such a problem, you can enable the gateway to send gratuitous ARP packets periodically. The
gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured
secondary IP addresses. In this way, the receiving host can update ARP entries in time and ensure traffic
continuity.