CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules. The description covers configuration examples and function configurations.
Principles

This section describes the implementation of ARP.

ARP Principles

Format of ARP Packets

Figure 6-7 shows the format of an ARP Request or Reply packet.

Figure 6-7 Format of an ARP Request or Reply packet

The main fields are described as follows:

  • Hardware Type: indicates the hardware address type. For an Ethernet, the value of this field is 1.
  • Protocol Type: indicates the type of the protocol address to be mapped. For an IP address, the value of this field is 0x0800.
  • Hardware Length: indicates the hardware address length. For an ARP Request or Reply packet, the value of this field is 6.
  • Protocol Length: indicates the protocol address length. For an ARP Request or Reply packet, the value of this field is 4.
  • OP: indicates the operation type. The value 1 indicates ARP requesting, and the value 2 indicates ARP replying.
  • Ethernet Address of sender: indicates the MAC address of the sender.
  • IP Address of sender: indicates the IP address of the sender.
  • Ethernet Address of destination: indicates the MAC address of the receiver.
  • IP Address of destination: indicates the IP address of the receiver.
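The field layout above can be checked mechanically. The following parser is an added example, not part of the original guide: it unpacks the ARP body and rejects packets whose fixed fields differ from the values listed. The names `parse_arp` and `build_request` and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

# Hardware Type, Protocol Type, Hardware Length, Protocol Length, OP,
# then sender MAC/IP and destination MAC/IP: 28 bytes for Ethernet + IPv4.
ARP_FORMAT = "!HHBBH6s4s6s4s"
ARP_SIZE = struct.calcsize(ARP_FORMAT)
OP_REQUEST, OP_REPLY = 1, 2

@dataclass(frozen=True)
class ArpPacket:
    op: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str

def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(payload: bytes) -> ArpPacket:
    """Parse the ARP body that follows the Ethernet header; raise ValueError if invalid."""
    if len(payload) < ARP_SIZE:
        raise ValueError(f"truncated ARP packet: {len(payload)} bytes")
    # Ethernet pads short frames, so ignore any bytes after the 28-byte body.
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FORMAT, payload[:ARP_SIZE])
    expected = {"Hardware Type": (htype, 1), "Protocol Type": (ptype, 0x0800),
                "Hardware Length": (hlen, 6), "Protocol Length": (plen, 4)}
    for name, (got, want) in expected.items():
        if got != want:
            raise ValueError(f"{name}: got {got:#x}, expected {want:#x}")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unsupported OP value {op}")
    return ArpPacket(op, format_mac(sha), str(ipaddress.IPv4Address(spa)),
                     format_mac(tha), str(ipaddress.IPv4Address(tpa)))

def build_request(sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Build an ARP Request; the destination MAC is all 0s because it is unknown."""
    return struct.pack(ARP_FORMAT, 1, 0x0800, 6, 4, OP_REQUEST,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       ipaddress.IPv4Address(sender_ip).packed,
                       bytes(6),
                       ipaddress.IPv4Address(target_ip).packed)

if __name__ == "__main__":
    # Constructed sample: HOSTA asks for HOSTB; 18 padding bytes mimic a minimum-size frame.
    frame_body = build_request("02:00:00:00:00:0a", "192.0.2.10", "192.0.2.20") + bytes(18)
    print(parse_arp(frame_body))
```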
Address Resolution Process

ARP completes address resolution through two processes: the ARP request process and the ARP reply process.

Figure 6-8 ARP request process

As shown in Figure 6-8, HOSTA and HOSTB are on the same network segment. HOSTA needs to send IP packets to HOSTB.

HOSTA searches the local ARP table for the ARP entry corresponding to HOSTB. If the corresponding ARP entry is found, HOSTA encapsulates the IP packets into Ethernet frames and forwards them to HOSTB based on its MAC address.

If the corresponding ARP entry is not found, HOSTA caches the IP packets and broadcasts an ARP Request packet. In the ARP Request packet, the IP address and MAC address of the sender are the IP address and MAC address of HOSTA. The destination IP address is the IP address of HOSTB, and the destination MAC address contains all 0s. All hosts on the same network segment can receive the ARP Request packet, but only HOSTB processes the packet.

Figure 6-9 ARP reply process

HOSTB compares its IP address with the destination IP address in the ARP Request packet. If HOSTB finds that its IP address is the same as the destination IP address, HOSTB adds the IP address and MAC address of the sender (HOSTA) to the local ARP table. Then HOSTB unicasts an ARP Reply packet, which contains its MAC address, to HOSTA, as shown in Figure 6-9.

After receiving the ARP Reply packet, HOSTA adds HOSTB's MAC address into the local ARP table. Meanwhile, HOSTA encapsulates the IP packets and forwards them to HOSTB.

ARP Aging Mechanism
  • ARP cache (ARP table)

    If HOSTA broadcasts an ARP Request packet every time it communicates with HOSTB, the communication traffic on the network will increase. Furthermore, all hosts on the network have to receive and process the ARP Request packet, which decreases network efficiency.

    To solve the preceding problems, each host maintains an ARP cache, which is the key to efficient operation of ARP. This cache contains the recent mapping from IP addresses to MAC addresses.

    Before sending IP packets, a host searches the cache for the MAC address corresponding to the destination IP address. If the cache contains the MAC address, the host does not send an ARP Request packet but directly sends the IP packets to the destination MAC address. If the cache does not contain the MAC address, the host broadcasts an ARP Request packet on the network.

  • Aging time of dynamic ARP entries

    After HOSTA receives the ARP Reply packet from HOSTB, HOSTA adds the mapping between the IP address and the MAC address of HOSTB to the ARP cache. However, if a fault occurs on HOSTB or the network adapter of HOSTB is replaced but HOSTA is not notified, HOSTA still sends IP packets to HOSTB. This fault occurs because the ARP entry of HOSTB in the ARP cache on HOSTA is not updated.

    To reduce address resolution errors, a timer is set for each ARP entry in an ARP cache. When a dynamic ARP entry expires, the device sends ARP aging probe packets to the corresponding host. If the host does not respond, the ARP entry is deleted. Otherwise, the ARP entry is saved.

    Configuring the timer reduces address resolution errors but does not eliminate the problem because of the time delay. Specifically, if the length of a dynamic ARP entry timer is N seconds, the sender can detect the fault on the receiver after N seconds. During the N seconds, the cache on the sender is not updated.

  • Number of probes for aging dynamic ARP entries

    Besides setting a timer for dynamic ARP entries, you can set the number of probes for aging dynamic ARP entries to reduce address resolution errors. Before aging a dynamic ARP entry, a host sends ARP aging probe packets. If the host receives no ARP Reply packet after the number of probes reaches the maximum number, the ARP entry is deleted.

  • Aging probe modes for dynamic ARP entries

    Before a dynamic ARP entry on a device is aged out, the device sends ARP aging probe packets to other devices on the same network segment. An ARP aging probe packet can be a unicast or broadcast packet. By default, a device sends the last ARP aging probe message in broadcast mode and sends the remaining ARP aging probe messages in unicast mode.

    If the IP address of the peer device remains the same but the MAC address changes frequently, it is recommended that you configure ARP aging probe packets to be broadcast.

    If the MAC address of the peer device remains the same, the network bandwidth is insufficient, and the aging time of ARP entries is short, it is recommended that you configure ARP aging probe packets to be unicast.

    When a non-Huawei device connected to a Huawei device receives an ARP aging probe packet whose destination MAC address is a broadcast address, the non-Huawei device checks the ARP table. If the mapping between the IP address and the MAC address of the Huawei device exists in the ARP table, the non-Huawei device drops the ARP aging probe packet. The Huawei device cannot receive a response and therefore deletes the corresponding ARP entry. As a result, traffic from the network cannot be forwarded. In this scenario, the Huawei device needs to send ARP aging probe packets in unicast mode and the non-Huawei device needs to respond to the ARP aging probe packets.
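The interaction of the aging timer, the probe count and the probe mode can be seen in a small simulation. This is an added example, not device code or part of the original guide: the class `ArpCache`, the helper `make_network`, the timer and probe values, and the addresses are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    mac: str
    expires_at: float

class ArpCache:
    """Dynamic ARP cache with an aging timer and aging probes (simulation)."""

    def __init__(self, send_probe, aging_time=60.0, max_probes=3, probe_mode="default"):
        # send_probe(ip, cached_mac, mode) returns the MAC from the ARP Reply, or None.
        self.send_probe = send_probe
        self.aging_time = aging_time      # constructed value, not a device default
        self.max_probes = max_probes      # constructed value, not a device default
        self.probe_mode = probe_mode      # "default", "unicast" or "broadcast"
        self.entries = {}
        self.probe_log = []               # (ip, mode) for every probe sent

    def learn(self, ip, mac, now):
        self.entries[ip] = Entry(mac, now + self.aging_time)

    def lookup(self, ip):
        entry = self.entries.get(ip)
        return entry.mac if entry else None

    def _mode(self, n):
        if self.probe_mode == "default":  # last probe broadcast, the rest unicast
            return "broadcast" if n == self.max_probes else "unicast"
        return self.probe_mode

    def age(self, now):
        """Probe every expired entry; return the IPs whose entries were deleted."""
        deleted = []
        for ip, entry in list(self.entries.items()):
            if now < entry.expires_at:
                continue
            for n in range(1, self.max_probes + 1):
                mode = self._mode(n)
                self.probe_log.append((ip, mode))
                reply_mac = self.send_probe(ip, entry.mac, mode)
                if reply_mac is not None:
                    self.learn(ip, reply_mac, now)   # refresh, possibly with a new MAC
                    break
            else:
                del self.entries[ip]                 # no reply to any probe
                deleted.append(ip)
        return deleted

def make_network(hosts, drops_broadcast_probes=()):
    """Constructed test network: hosts maps IP -> the MAC currently in use."""
    def send_probe(ip, cached_mac, mode):
        mac = hosts.get(ip)
        if mac is None:
            return None                               # host is down
        if mode == "unicast":
            return mac if mac == cached_mac else None # frame went to the old MAC
        return None if ip in drops_broadcast_probes else mac
    return send_probe
```

With the default mode, a peer whose network adapter was replaced is recovered by the final broadcast probe. A peer that drops broadcast probes keeps its entry only if unicast probes are sent.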

Dynamic ARP

Dynamic ARP entries are generated and maintained dynamically by using ARP packets. They can be aged out, updated, or overwritten by static ARP entries. When the aging time expires or the interface is Down, the corresponding dynamic ARP entries are deleted.

Static ARP

Static ARP entries record fixed mapping between IP addresses and MAC addresses and are configured manually by network administrators.

Gratuitous ARP

Gratuitous ARP enables a host to send an ARP Request packet using its own IP address as the destination address. Gratuitous ARP provides the following functions:

  • Checks duplicate IP addresses: Normally, a host does not receive an ARP Reply packet after sending an ARP Request packet with the destination address being its own IP address. If the host receives an ARP Reply packet, another host has the same IP address.

  • Advertises a new MAC address: If the MAC address of a host changes because its network adapter is replaced, the host sends a gratuitous ARP packet to notify all hosts of the change before the ARP entry is aged out.

  • Notifies an active/standby switchover in a VRRP backup group: After an active/standby switchover, the master switch sends a gratuitous ARP packet in the VRRP backup group to notify the switchover.
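The first two functions can be modeled on a single segment. The sketch below is an added example, not part of the original guide: it shows a host detecting a duplicate IP address from the reply to its gratuitous ARP, and a neighbor updating and recording a changed MAC address. The `Host` class, the `announce` helper, the event names, the addresses, and the choice to update only existing cache entries are assumptions made for illustration.

```python
from dataclasses import dataclass, field

REQUEST, REPLY = 1, 2   # OP values from the ARP packet format

@dataclass
class Host:
    ip: str
    mac: str
    cache: dict = field(default_factory=dict)    # IP -> MAC
    events: list = field(default_factory=list)   # findings worth logging

    def gratuitous(self):
        """ARP Request whose destination IP address is the sender's own IP address."""
        return (REQUEST, self.mac, self.ip, self.ip)

    def receive(self, pkt):
        """Process one ARP packet (op, sender MAC, sender IP, destination IP).

        Returns a Reply tuple when this host answers, otherwise None.
        """
        op, s_mac, s_ip, t_ip = pkt
        if s_mac == self.mac:
            return None                              # our own frame
        if s_ip == self.ip:
            # Another host claims our IP address: duplicate address.
            self.events.append(("duplicate-ip", s_ip, s_mac))
            if op == REQUEST and t_ip == self.ip:
                return (REPLY, self.mac, self.ip, s_ip)
            return None
        if op == REQUEST and s_ip == t_ip and s_ip in self.cache:
            old = self.cache[s_ip]
            if old != s_mac:
                # Gratuitous ARP advertising a new MAC: update and record it.
                self.events.append(("mac-changed", s_ip, old, s_mac))
                self.cache[s_ip] = s_mac
        return None

def announce(sender, segment):
    """Broadcast sender's gratuitous ARP; return the MACs that also use its IP."""
    pkt = sender.gratuitous()
    conflicts = []
    for host in segment:
        if host is sender:
            continue
        reply = host.receive(pkt)
        if reply is not None:
            sender.receive(reply)                    # the Reply reveals the duplicate
            conflicts.append(reply[1])
    return conflicts
```

Recording each `mac-changed` event gives an operator a trail of when an IP-to-MAC mapping moved, which helps tell a replaced adapter from an unexpected change.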

Proxy ARP

If an ARP Request packet is sent to a host on a different network, the device that connects the two networks can reply to this packet. This function is called proxy ARP.

Proxy ARP has the following characteristics:

  • Proxy ARP is implemented on the ARP subnet gateway without any modifications on any hosts.
  • Proxy ARP can shield topologies of physical networks so that hosts on different physical networks can use the same network ID to communicate. Proxy ARP enables hosts that are on the same network segment but on different physical networks to communicate.
  • Proxy ARP affects only the ARP caches on hosts but does not affect the ARP cache or routing table on the gateway.
  • After proxy ARP is enabled, the aging time of ARP entries on hosts should be shortened so that invalid ARP entries can be deleted as soon as possible. This reduces IP packet forwarding failures on the switch.

| Proxy ARP Type | Resolved Issue |
| --- | --- |
| Routed proxy ARP | Allows hosts on the same network segment but on different physical networks to communicate. |
| Intra-VLAN proxy ARP | Allows isolated hosts in a VLAN to communicate. |
| Inter-VLAN proxy ARP | Allows hosts in different VLANs or hosts in different sub-VLANs of the same VLAN to communicate at Layer 3. |

Routed Proxy ARP

Routed proxy ARP enables network devices on the same network segment but on different physical networks to communicate.

In practice, if a host connected to a switch is not configured with a default gateway address (that is, the host does not know how to reach the intermediate system of the network), the host cannot transmit packets.

As shown in Figure 6-10, SwitchA is connected to two networks through VLAN10 and VLAN20. The IP addresses of VLANIF10 and VLANIF20 are on different network segments. However, the masks place HOSTA and VLANIF10 on the same network segment, HOSTB and VLANIF20 on the same network segment, and HOSTA and HOSTB on the same network segment.

Figure 6-10 Application of routed proxy ARP

The IP addresses of HOSTA and HOSTB are on the same network segment. When HOSTA needs to communicate with HOSTB, HOSTA broadcasts an ARP Request packet, requesting the MAC address of HOSTB. However, HOSTA and HOSTB are on different physical networks (in different broadcast domains). Therefore, HOSTB cannot receive the ARP Request packet sent from HOSTA and does not respond with an ARP Reply packet.

To solve this problem, enable proxy ARP on SwitchA. After receiving an ARP Request packet, SwitchA, with proxy ARP enabled, searches the routing table for the entry corresponding to HOSTB. If the routing entry corresponding to HOSTB exists, SwitchA responds to the ARP Request packet with its own MAC address. HOSTA forwards data based on the MAC address of SwitchA. SwitchA functions as the proxy of HOSTB.

Intra-VLAN Proxy ARP

If two hosts belong to the same VLAN but are isolated, enable intra-VLAN proxy ARP on an interface associated with the VLAN to allow the hosts to communicate.

As shown in Figure 6-11, HOSTA and HOSTB are connected to SwitchA. The two interfaces connected to HOSTA and HOSTB belong to VLAN10.

Figure 6-11 Application of intra-VLAN proxy ARP

HOSTA and HOSTB cannot communicate at Layer 2 because interface isolation in a VLAN is configured on SwitchA.

To solve this problem, enable intra-VLAN proxy ARP on the interfaces of SwitchA. After SwitchA's interface connected to HOSTA receives an ARP Request packet whose destination address is not its own address, SwitchA does not discard the packet but searches for the ARP entry corresponding to HOSTB. If the ARP entry corresponding to HOSTB exists, SwitchA sends its MAC address to HOSTA and forwards packets sent from HOSTA to HOSTB. SwitchA functions as the proxy of HOSTB.

Inter-VLAN Proxy ARP

If two hosts belong to different VLANs, enable inter-VLAN proxy ARP on interfaces associated with the VLANs to implement Layer 3 communication between the two hosts.

As shown in Figure 6-12, HOSTA and HOSTB are connected to SwitchA. The interface connected to HOSTA belongs to VLAN10, and the interface connected to HOSTB belongs to VLAN20.

Figure 6-12 Application of inter-VLAN proxy ARP

The interfaces connected to HOSTA and HOSTB belong to different VLANs. Therefore, HOSTA and HOSTB cannot communicate at Layer 2.

To solve this problem, enable inter-VLAN proxy ARP on the interfaces of SwitchA. After SwitchA's interface connected to HOSTA receives an ARP Request packet whose destination address is not its own address, SwitchA does not discard the packet but searches for the ARP entry corresponding to HOSTB. If the ARP entry corresponding to HOSTB exists, SwitchA sends its MAC address to HOSTA and forwards packets sent from HOSTA to HOSTB. SwitchA functions as the proxy of HOSTB.

Fast ARP Reply

As shown in Figure 6-13, the Switch functioning as a gateway connects to multiple servers or virtual machines (VMs). The servers or VMs send ARP Request packets to the gateway at a fixed interval to detect whether the gateway is working properly. The destination IP address of the ARP Request packets is the IP address of the gateway. Processing a large number of ARP Request packets slows the ARP response of the gateway and can even leave the gateway unable to respond to the ARP Request packets of some servers or VMs. The ARP entries of the servers or VMs are then aged out on the gateway. As a result, packet loss or service interruption occurs.

Fast ARP reply can reduce load on the gateway and improve ARP packet processing efficiency. When the gateway learns the ARP entries of the servers or virtual machines (VMs), the gateway directly sends ARP Response packets to the servers or virtual machines (VMs) without learning ARP entries again. This method reduces the packet processing pressure on the gateway. Fast ARP response allows a device to directly send ARP Response packets in response to ARP Request packets with the destination IP address as the IP address of the device. This function speeds up ARP response and ensures uninterrupted service forwarding.

Figure 6-13 Typical networking for fast ARP response

Layer 2 Proxy ARP

Possible Causes

ARP request messages are broadcast. When receiving an ARP request message, the switching device broadcasts the message within its broadcast domain. If a switching device receives a large number of ARP request messages and broadcasts them, excessive network resources are consumed. The network is congested and the performance deteriorates. Therefore, services are affected.

Layer 2 proxy ARP effectively distributes the pressure of processing ARP messages by isolating ARP broadcast domains and proxy responding to ARP request messages with local messages. Layer 2 proxy ARP applies to access or convergence devices that connect the gateway and the user.

Implementation Process
When receiving an ARP Request message, a switching device queries DHCP snooping and ARP snooping entries based on the destination IP address.
  1. Query DHCP snooping entries.

    • If the query succeeds, the device responds to ARP request messages carrying information of the DHCP snooping entries.

    • If the query fails, go to step 2.

    NOTE:
    For details on DHCP Snooping, see DHCP Snooping Configuration in the CX11x&CX31x&CX91x Series Switch Modules Configuration - Configuration Guide - Security.
  2. Query ARP snooping entries.

    • If the query succeeds, the device responds to ARP request messages carrying information of the ARP snooping entries.

    • If the query fails, the device processes the ARP request messages based on the original procedure.

    NOTE:
    ARP snooping is a feature applied to Layer 2 switching networks. Devices use ARP snooping to monitor ARP messages and set up ARP snooping entries recording user information. The information includes source IP addresses of ARP messages, source MAC addresses, inbound interfaces of the messages, and VLANs that the interfaces belong to.
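The two-step query order can be expressed as a short decision function. This is an added example, not the device's implementation or part of the original guide: the class `Layer2ProxyArp`, keying entries by VLAN and IP address, the interface names and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SnoopEntry:
    mac: str
    interface: str
    vlan: int

class Layer2ProxyArp:
    """Answer ARP requests locally from snooping entries before broadcasting."""

    def __init__(self, dhcp_bindings):
        # {(vlan, ip): mac}, standing in for DHCP snooping entries (assumed shape).
        self.dhcp_snooping = dict(dhcp_bindings)
        self.arp_snooping = {}      # {(vlan, ip): SnoopEntry}
        self.flooded = 0            # requests that fell back to the original procedure

    def snoop(self, src_ip, src_mac, interface, vlan):
        """Record the user information carried by an observed ARP message."""
        self.arp_snooping[(vlan, src_ip)] = SnoopEntry(src_mac, interface, vlan)

    def handle_request(self, src_ip, src_mac, interface, vlan, target_ip):
        """Return (action, mac, source) for one ARP request message."""
        self.snoop(src_ip, src_mac, interface, vlan)
        key = (vlan, target_ip)
        # Step 1: query DHCP snooping entries.
        if key in self.dhcp_snooping:
            return ("proxy-reply", self.dhcp_snooping[key], "dhcp-snooping")
        # Step 2: query ARP snooping entries.
        if key in self.arp_snooping:
            return ("proxy-reply", self.arp_snooping[key].mac, "arp-snooping")
        # Both queries failed: process the request based on the original procedure.
        self.flooded += 1
        return ("original-procedure", None, None)

if __name__ == "__main__":
    # Constructed sample: one DHCP snooping binding for 192.0.2.1 in VLAN 10.
    dev = Layer2ProxyArp({(10, "192.0.2.1"): "02:00:00:00:00:01"})
    print(dev.handle_request("192.0.2.10", "02:00:00:00:00:0a", "port1", 10, "192.0.2.1"))
    print(dev.handle_request("192.0.2.20", "02:00:00:00:00:0b", "port2", 10, "192.0.2.10"))
    print(dev.handle_request("192.0.2.20", "02:00:00:00:00:0b", "port2", 10, "192.0.2.99"))
```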

ARP-Ping

ARP-Ping includes ARP-Ping IP and ARP-Ping MAC. ARP-Ping sends ARP Request packets or ICMP Echo Request packets to check whether a specified IP address or MAC address is used.

ARP-Ping IP

ARP-Ping IP checks whether an IP address is used by another device on the LAN by sending ARP packets.

Before configuring an IP address for a device, configure ARP-Ping IP on the device to check whether this IP address has been used by sending ARP Request packets.

You can also run the ping command to check whether this IP address is used by another device on the network. However, if the switch or host that uses the IP address is enabled with the firewall function and the firewall is configured not to respond to ping packets, you may be misled into thinking that this IP address is not used. To solve the problem, use ARP-Ping IP. ARP is a Layer 2 protocol. Therefore, ARP packets can pass through the firewall that is configured not to respond to ping packets.

ARP-Ping IP sends ARP Request packets. ARP-Ping IP is implemented as follows:

  1. After an IP address is specified for a host using the arp-ping ip command, the host sends an ARP Request packet and starts a timer of waiting for an ARP Reply packet.

  2. After receiving the ARP Request packet, the switch or host that uses this IP address in the LAN returns an ARP Reply packet.

  3. The sender performs the following two operations based on whether it receives the ARP packet:

    • If the sender receives an ARP Reply packet, the sender compares the source IP address carried in the ARP Reply packet with the IP address specified using the arp-ping ip command. If the two IP addresses are the same, the MAC address corresponding to the specified IP address is displayed and the timer is disabled.
    • If the sender does not receive an ARP Reply packet before the timer of waiting for an ARP Reply packet expires, the sender displays a message indicating that the IP address is not used by another switch device or host.
ARP-Ping MAC

The ARP-Ping MAC process is similar to the ping process. The difference is that ARP-Ping MAC applies only to directly connected Ethernet LANs or Layer 2 VPN Ethernet networks.

ARP-Ping MAC sends ICMP Echo Request packets. ARP-Ping MAC is implemented as follows:

  1. After a MAC address is specified for a host using the arp-ping mac command, the host sends an ICMP Echo Request packet and starts a timer of waiting for an ICMP Echo Reply packet.

  2. After receiving the ICMP Echo Request packet, the switch device or host that uses this MAC address in the LAN returns an ICMP Echo Reply packet.

  3. The sender performs the following two operations based on whether it receives the ICMP packet:

    • If the sender receives an ICMP Echo Reply packet, the sender compares the source MAC address carried in the ICMP Echo Reply packet with the MAC address specified using the arp-ping mac command. If the two MAC addresses are the same, the sender displays the source IP address of the ICMP Echo Reply packet and displays a message indicating that the MAC address is used by another switch device or host. The timer is disabled.
    • If the sender does not receive an ICMP Echo Reply packet before the timer of waiting for an ICMP Echo Reply packet expires, the sender displays a message indicating that the MAC address is not used by another switch device or host.
Updated: 2019-08-09

Document ID: EDOC1000041694
