[afnog] Packet Forwarding Issue with Linux

Hugo Lombard hal at elizium.za.net
Mon Apr 11 12:23:17 UTC 2011


On Mon, Apr 11, 2011 at 03:08:51PM +0300, Gerald Begumisa wrote:
> 
>    Indeed I have noted this!  00:13:8f:37:a3:0a is the MAC address of the
>    currently active [old] server (which I should add is on the verge of self
>    destructing).
> 

Oh dear, hope you get this solved before it goes up in smoke!

>    When testing, we disconnect the old server entirely and bring the new
>    server on.  I guess the issue is one of two things:
> 
>    1. The ISP hard-coded the old server's MAC and we need to get them to
>    change it
>    2. The ISP's system is not updating its ARP table quickly enough (doesn't
>    help that they don't permit ICMP traffic to their devices e.g. we can't
>    ping 1.2.3.33)
> 

Judging from the MAC address, it would seem they're using a Cisco of
some sort.  I've seen this behaviour a couple of times on Cisco.  All
your ISP would need to do, is to issue a

  clear arp interface <INTERFACE>

on their router, with <INTERFACE> replaced by the name of the interface
you're connected to.

This will have the effect of clearing all entries on said interface, and
if there are multiple people on the same interface, they might object, but
in practice, it'll just requery the attached hosts and nobody should
bump into any issues.

>    Either way, we'll solve this by getting on phone with one of their network
>    engineers.  Interestingly, we'd considered this and after being assured by
>    their network engineers that their ARP would automatically update, we had
>    ruled it out.
> 

It's kind of a feature on Cisco equipment that they're reluctant to
update ARPs too often.  Some say it's to prevent ARP snooping attacks
and such.

You might also be able to play with arping to update the table, but I
can't guarantee that it'll work.  I think something along the lines of

  /sbin/arping -A -I eth2 1.2.3.42

might do the needful.  Might be worth trying, but the best would be if
they just clear their ARP cache on the interface.

>    Thanks for all the help!
> 

Glad I could be of assistance :)

Regards

-- 
Hugo Lombard
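
Added example, not part of the original message: a Python monitor that parses ARP payloads and reports when the MAC bound to an IP changes, which is what a watcher on the segment would log when the replacement server announces itself with an unsolicited ARP reply. The new server's MAC, the function and class names, and the sample payloads are assumptions constructed for illustration; the old MAC and the IP addresses are the ones quoted in the thread.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4 (28 bytes)

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; return None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sender_mac": mac(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_ip": socket.inet_ntoa(tpa),
            # Gratuitous ARP: a host announces its own address (sender IP == target IP)
            "gratuitous": spa == tpa}

class BindingWatch:
    """Tracks IP-to-MAC bindings and reports changes (hypothetical helper)."""
    def __init__(self):
        self.table = {}

    def observe(self, payload):
        arp = parse_arp(payload)
        if arp is None or arp["sender_ip"] == "0.0.0.0":  # skip address probes
            return None
        ip, new = arp["sender_ip"], arp["sender_mac"]
        old = self.table.get(ip)
        self.table[ip] = new
        if old is None:
            return ("new", ip, new, arp["gratuitous"])
        if old != new:
            return ("changed", ip, old, new, arp["gratuitous"])
        return None

def build(op, sha, spa, tha, tpa):
    """Construct a sample ARP payload for the demo data below."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, h(sha), socket.inet_aton(spa), h(tha), socket.inet_aton(tpa))

# Constructed samples: OLD is the old server's MAC from the thread, NEW is a placeholder.
OLD, NEW, IP = "00:13:8f:37:a3:0a", "02:00:00:00:00:01", "1.2.3.42"
SAMPLES = [build(1, OLD, IP, "00:00:00:00:00:00", "1.2.3.33"),  # old server resolving 1.2.3.33
           build(2, NEW, IP, NEW, IP)]                           # unsolicited reply from the new server

if __name__ == "__main__":
    watch = BindingWatch()
    for frame in SAMPLES:
        print(watch.observe(frame))
```

The second sample is reported as a gratuitous change of binding for 1.2.3.42, the same event a router must decide whether to accept into its own ARP table.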


