H3C Technologies H3C SecPath F1000-E User Manual
Page 53
45
interface regularly. In this way, the hosts on the network segment can learn the correct gateway
address information and can therefore access the network.
2.
Prevent aging of the gateway ARP entry.
In practice, if the network load is heavy or the CPU usage of hosts on the network is high, ARP
packets may be dropped or the hosts cannot process ARP packets timely. In such cases, the
dynamic ARP entries of the hosts may be aged out due to timeout, and the traffic between the hosts
and the gateway may be interrupted before the ARP entry of the gateway is learnt.
To solve this problem, you can enable the gateway interface to send gratuitous ARP packets that
contain the primary IP address or a manually configured secondary IP address regularly. This is to
help the hosts update their ARP entries timely and prevent such traffic interruption to the utmost
extent.
3.
Prevent the virtual IP address of a VRRP group from being used by a host.
When a network has a VRRP group, the master router in the VRRP group must regularly send
gratuitous ARP packets to the hosts on the network to make the hosts update their local ARP entries
timely, thus ensuring no device on the network uses the virtual IP address of the VRRP group.
As the virtual IP address of the VRRP group may correspond to the virtual MAC address or the
actual MAC address, the gratuitous ARP packets will use the virtual MAC address or the actual
MAC address accordingly.
4.
Update MAC entries of devices in the VLANs having ambiguous VLAN termination configured.
In VRRP configuration, if ambiguous VLAN termination is configured for many VLANs and VRRP
groups, interfaces configured with VLAN termination need to be disabled from transmitting
broadcast/multicast packets and a VRRP control VLAN needs to be configured so that VRRP
advertisements can be transmitted within the control VLAN only. In such cases, you can enable
periodic sending of gratuitous ARP packets containing the VRRP virtual IP address, and the primary
IP address or a manually configured secondary IP address of the sending interface on the
subinterfaces. In this way, when a VRRP failover occurs, devices in the VLANs having ambiguous
VLAN termination configured can use the gratuitous ARP packets to update their corresponding
MAC entries in time.
NOTE:
For more information about VRRP, see
High Availability Configuration Guide.
Configuring periodic sending of gratuitous ARP packet in the
web interface
Select Firewall > ARP Anti-Attack > Send Gratuitous ARP from the navigation tree to enter the Send
Gratuitous ARP page, as shown in
.