[buug] arp

Michael Paoli Michael.Paoli at cal.berkeley.edu
Sat Nov 24 12:14:37 PST 2007

And there's another thing that can typically greatly speed and ease
the switchover: gratuitous ARP reply

Quoting Michael Paoli:

> Quoting John de la Garza:
> > I have a webserver that is say ip addr: 1.  I make change it to be 2,  
> > then make a new box (different nic) to be ip addr of 1.  Now things  
> > behave odd... I just learned that things like this get cached.
> > 
> > Is there a way I can erase the entire arp cache and let it get  
> > rebuilt?  or must I do it case by case  with arp -d?
> One can generally check/alter the arp cache data via the arp command. 
> Typically arp data will effectively fix itself (older data timing out) 
> within several minutes.  If the problem(s)/issue(s) are lasting longer  
> than that, you likely have something else going on.  /etc/ethers can be 
> used for persistent Ethernet MAC <--> IP mapping (and thwarting arp cache
> poisoning) ... but that's typically not used in most environments.  If  
> you've still got persistent issues, you may want to poke around with 
> tcpdump or the like, a bit more, to see what's actually going on on the 
> network.  With suitable options to tcpdump, one will get to see the arp 
> request and reply packets (or note the lack thereof) and the 
> Ethernet MAC addresses (link level headers).  That should be enough to 
> relatively quickly isolate if one has a Ethernet MAC address and/or arp 
> or related issue/problem.

More information about the buug mailing list