Gratuitous ARP

Edit | View | Diffs | Info | Raw | Print

Recent Pages:

User

Login

Pages

FrontPage
RecentChanges
FindPage
HelpContents

Actions

Attach File
Check Spelling
Delete Cache
Like Pages
Local Site Map
Print View
Raw Text

Gratuitous ARP

Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is an AddressResolutionProtocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. Gratuitous ARP reply is a reply to which no request has been made.

Gratuitous ARPs are useful for four reasons:

  • They can help detect IP conflicts. When a machine receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.

  • They assist in the updating of other machines' ARP tables. Clustering solutions utilize this when they move an IP from one NIC to another, or from one machine to another. Other machines maintain an ARP table that contains the MAC associated with an IP. When the cluster needs to move the IP to a different NIC, be it on the same machine or a different one, it reconfigures the NICs appropriately then broadcasts a gratuitous ARP reply to inform the neighboring machines about the change in MAC for the IP. Machines receiving the ARP packet then update their ARP tables with the new MAC.

  • They inform switches of the MAC address of the machine on a given switch port, so that the switch knows that it should transmit packets sent to that MAC address on that switch port.

  • Every time an IP interface or link goes up, the driver for that interface will typically send a gratuitous ARP to preload the ARP tables of all other local hosts. Thus, a gratuitous ARP will tell us that that host just has had a link up event, such as a link bounce, a machine just being rebooted or the user/sysadmin on that host just configuring the interface up. If we see multiple gratuitous ARPs from the same host frequently, it can be an indication of bad Ethernet hardware/cabling resulting in frequent link bounces.

Examples

  • The networking stack in many operating systems will issue a gratuitous ARP if the IP or MAC address of a network interface changes, to inform other machines on the network of the change so they can report IP address conflicts, to let other machines update their ARP tables, and to inform switches of the MAC address of the machine.

    The networking stack in many operating systems will also issue a gratuitous ARP on an interface every time the link to that interface has been brought to the up state. The gratuitous ARP then is used to preload the ARP table on all local hosts of the possibly new mapping between MAC and IP address (for failover clusters that do not take over the MAC address) or to let the switch relearn behind which port a certain MAC address resides (for failover clusters where you do pull the MAC address over as well or when you simply just move the network cable from one port to another on a normal nonclustered host)

  • The [WWW]High-Availability Linux Project utilizes a command-line tool called send_arp to perform the gratuitous ARP needed in their failover process. A typical clustering scenario might play out like the following:

    • Two nodes in a cluster are configured to share a common IP address 192.168.1.1. Node A has a hardware address of 01:01:01:01:01:01 and node B has a hardware address of 02:02:02:02:02:02.

    • Assume that node A currently has IP address 192.168.1.1 already configured on its NIC. At this point, neighboring devices know to contact 192.168.1.1 using the MAC 01:01:01:01:01:01.

    • Using the heartbeat protocol, node B determines that node A has died.

    • Node B configures a secondary IP on an interface with ifconfig eth0:1 192.168.1.1.

    • Node B issues a gratuitous ARP with send_arp eth0 192.168.1.1 02:02:02:02:02:02 192.168.1.255. All devices receiving this ARP update their table to point to 02:02:02:02:02:02 for the IP address 192.168.1.1.

Example Traffic

Ethernet II, Src: 02:02:02:02:02:02, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff (Broadcast)
    Source: 02:02:02:02:02:02 (02:02:02:02:02:02)
    Type: ARP (0x0806)
    Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request/gratuitous ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: 02:02:02:02:02:02 (02:02:02:02:02:02)
    Sender IP address: 192.168.1.1 (192.168.1.1)
    Target MAC address: ff:ff:ff:ff:ff:ff (Broadcast)
    Target IP address: 192.168.1.1 (192.168.1.1)

0000  ff ff ff ff ff ff 02 02 02 02 02 02 08 06 00 01   ................
0010  08 00 06 04 00 01 02 02 02 02 02 02 c0 a8 01 01   ................
0020  ff ff ff ff ff ff c0 a8 01 01 00 00 00 00 00 00   ................
0030  00 00 00 00 00 00 00 00 00 00 00 00               ............

Discussion

What's a good choice for example MACs? I picked 02:02:02:02:02:02. Is there a better one? -- RandyMcEoin

What about AA:AA:AA:AA:AA:AA and BB:BB:BB:BB:BB:BB *g*? -- SaschaZorn

MAC 01:01... and 02:02:... is great! No better one! --Rebel

I updated the article to differentiate between gratuitous ARP request and reply..