Configuring gratuitous arp, Overview, Enabling learning of gratuitous arp packets – H3C Technologies H3C S12500 Series Switches User Manual


Configuring gratuitous ARP

Overview

In a gratuitous ARP packet, the sender IP address and the target IP address are both the IP address of the switch issuing the packet.

A switch implements the following functions by sending gratuitous ARP packets:

• Determining whether its IP address is already used by another switch. If the IP address is already used, the switch issuing the gratuitous ARP packet will be informed by an ARP reply of the conflict.

• Informing other switches about the change of its MAC address so that they can update their ARP entries.

Enabling learning of gratuitous ARP packets

With this feature enabled, a switch receiving a gratuitous ARP packet adds the sender IP and MAC addresses carried in the packet to its ARP table if no corresponding ARP entry exists. If a corresponding ARP entry is found, the switch updates the ARP entry.

After this feature is disabled, the switch will use the address information in the received gratuitous ARP packets to update the existing ARP entries only, but not to create new ARP entries.
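
The following Python sketch is an added example, not code from the H3C manual or the switch software. It models the learning rule described above on a constructed ARP table; the function names, the result labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (sender_ip, sender_mac, target_ip) from a 28-byte ARP payload."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, tpa = struct.unpack_from(ARP_FMT, payload)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return str(ipaddress.IPv4Address(spa)), sha.hex(":"), str(ipaddress.IPv4Address(tpa))

def process_gratuitous(table, payload, learning_enabled):
    """Apply one packet to table {ip: mac}; the result labels are this example's own."""
    ip, mac, target = parse_arp(payload)
    if ip != target:
        return "ignored"            # sender IP != target IP: not gratuitous
    if ip not in table:
        if not learning_enabled:
            return "ignored"        # learning disabled: no new entry is created
        table[ip] = mac
        return "created"
    old, table[ip] = table[ip], mac  # existing entries are updated in both modes
    return "refreshed" if old == mac else "changed"

def build(ip, mac):
    """Construct a gratuitous ARP payload (sample data for the demo only)."""
    raw_ip = ipaddress.IPv4Address(ip).packed
    raw_mac = bytes.fromhex(mac.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1, raw_mac, raw_ip, b"\x00" * 6, raw_ip)

def demo():
    table = {"192.0.2.1": "00:00:5e:00:53:01"}   # constructed gateway binding
    host = build("192.0.2.50", "00:00:5e:00:53:50")
    results = [
        process_gratuitous(table, host, learning_enabled=False),
        process_gratuitous(table, host, learning_enabled=True),
        process_gratuitous(table, build("192.0.2.1", "00:00:5e:00:53:01"), False),
        process_gratuitous(table, build("192.0.2.1", "00:00:5e:00:53:66"), False),
    ]
    return results, table

if __name__ == "__main__":
    print(demo())
```

The last case shows that with learning disabled a gratuitous ARP packet still rewrites an existing entry, so a MAC change on a known binding is the event worth logging.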

Configuring periodic sending of gratuitous ARP packets

Enabling a switch to periodically send gratuitous ARP packets helps downstream switches update their corresponding ARP entries or MAC entries in time. This feature can be used to:

• Prevent gateway spoofing.
  If an attacker sends forged gratuitous ARP packets to the hosts on a network, the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result, the hosts cannot access the external network.
  To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARP packets containing its primary IP address or one of its manually configured secondary IP addresses at a specific interval. In this way, each host can learn correct gateway address information.

• Prevent ARP entries from being aged out.
  If network traffic is heavy or the CPU utilization is high on a host, received ARP packets might be discarded or not processed in time. Eventually, the dynamic ARP entries on the receiving host will be aged out, and the traffic between the host and the corresponding switches will be interrupted until the host creates the ARP entries again.
  To prevent such a problem, you can enable the gateway to send gratuitous ARP packets periodically. The gratuitous ARP packets contain the gateway's primary IP address or one of its manually configured secondary IP addresses. In this way, the receiving host can update ARP entries in time and thus ensure traffic continuity.

• Prevent the virtual IP address of a VRRP group from being used by a host.
