Manual Chapter: Address Resolution Protocol
Applies To:
BIG-IP AAM
- 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP APM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP Analytics
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP Link Controller
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP PEM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
BIG-IP ASM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Address Resolution Protocol
Address Resolution Protocol on the BIG-IP system
The BIG-IP® system is a multi-layer network device, and as such, needs to
perform routing functions. To do this, the BIG-IP system must be able to find destination MAC
addresses on the network, based on known IP addresses. The BIG-IP system does this
by supporting Address Resolution Protocol (ARP), an industry-standard Layer 3 protocol.
What are the states of ARP entries?
When you use the BIG-IP Configuration utility to view the entries in the ARP cache, you can
view the state of each entry:
- RESOLVED
- Indicates that the system has successfully received an ARP response (a MAC address) for the requested IP address within two seconds of initiating the request. An entry in a RESOLVED state remains in the ARP cache until the timeout period has expired.
- INCOMPLETE
- Indicates that the system has made one or more ARP requests within the maximum number of requests allowed, but has not yet received a response.
- DOWN
- Indicates that the system has made the maximum number of requests allowed, and still receives no response. In this case, the system discards the packet, and sends an ICMP host unreachable message to the sender. An entry with a DOWN state remains in the ARP cache until the first of these events occurs:
  - Twenty seconds elapse.
  - The BIG-IP system receives either a resolution response or a gratuitous ARP from the destination host. (A gratuitous ARP is an ARP message that a host sends without having been prompted by an ARP request.)
  - You explicitly delete the entry from the ARP cache.
About BIG-IP responses to ARP requests from firewall devices
The system does not respond to ARP requests sent from any firewall that uses
a multicast IP address as its source address.
About gratuitous ARP messages
When dynamically updating the ARP cache, the BIG-IP system includes not only
entries resulting from responses to ARP requests, but also entries resulting from gratuitous ARP
messages.
For security reasons, the system does not fully trust gratuitous ARP
entries. Consequently, if there is no existing entry in the cache for the IP address/MAC pair,
and the BIG-IP system cannot verify the validity of the gratuitous ARP entry within a short
period of time, the BIG-IP system deletes the entry.
Management of static ARP entries
You can manage static entries in the ARP cache in various ways.
Task summary
Adding a static ARP entry
Perform this task to add entries to the ARP cache
on the BIG-IP system. Adding a static entry for a destination server to the ARP cache
saves the BIG-IP system from having to send an ARP broadcast request for that
destination server. This can be useful when you want the system to forward packets to a
special MAC address, such as a shared MAC address, or you want to ensure that the MAC
address never changes for a given IP address.
- On the Main tab, click.
- Click Create.
- In the Name field, type a name for the ARP entry.
- In the IP Address field, type the IP address with which you want to associate a MAC address.
- In the MAC Address field, type the MAC address that you want to associate with the specified IP address.
- Click Finished.
When the BIG-IP system must forward packets to the specified IP address, the system
checks the ARP cache to find the MAC address. The system then checks the VLAN’s Layer 2
forwarding table to determine the appropriate outgoing interface.
Viewing static ARP entries
Perform this task to view static entries in the ARP cache.
- On the Main tab, click.
- View the list of static ARP entries.
You can now see all static entries in the ARP cache.
Deleting static ARP entries
Perform this task to delete a static entry from the ARP cache.
- On the Main tab, click.
- Locate the entry you want to delete, and to the left of the entry, select the check box.
- Click Delete. A confirmation message appears.
- Click Delete.
The deleted entry is no longer in the BIG-IP system ARP cache.
Management of dynamic ARP entries
You can manage dynamic entries in the ARP cache in various ways.
Task summary
Viewing dynamic ARP entries
Perform this task to view dynamic entries in the ARP cache.
- On the Main tab, click.
- View the list of dynamic ARP entries.
You can now see the list of dynamic ARP entries.
Deleting dynamic ARP entries
Perform this task to delete a dynamic entry from the ARP cache.
- On the Main tab, click.
- Locate the entry you want to delete and, to the left of the entry, select the check box.
- Click Delete. A confirmation message appears.
- Click Delete.
The deleted entry is no longer in the BIG-IP system ARP cache.
Configuring global options for dynamic ARP entries
Perform this task to apply global options to all dynamic ARP
entries.
- On the Main tab, click.
- In the Dynamic Timeout field, specify a value, in seconds. The seconds begin to count down toward 0 for any dynamically-added entry. When the value reaches 0, the BIG-IP system automatically deletes the entry from the cache. If the entry is actively being used as the time approaches 0, ARP attempts to refresh the entry by sending an ARP request.
- In the Maximum Dynamic Entries field, specify a maximum number of entries. Configure a value large enough to maintain entries for all directly-connected hosts with which the BIG-IP system must communicate. If you have more than 2000 hosts that are directly connected to the BIG-IP system, you should specify a value that exceeds the default value of 2048. If the number of dynamic entries in the cache reaches the limit that you specified, you can still add static entries to the cache. This is possible because the system can remove an older dynamic entry prematurely to make space for a new static entry that you add.
- In the Request Retries field, specify the number of times that the system can resend an ARP request before marking the host as unreachable.
- For the Reciprocal Update setting, select or clear the check box to enable or disable the setting.
  - Enabled: Creates an entry in the ARP cache whenever the system receives who-has packets from another host on the network. When you enable this option, you slightly enhance system performance by eliminating the need for the BIG-IP system to perform an additional ARP exchange later.
  - Disabled: Prevents a malicious action known as ARP poisoning. ARP poisoning occurs when a host is intentionally altered to send an ARP response containing a false MAC address.
- Click Update.
The BIG-IP system now applies these values to all dynamic ARP entries.
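The trust rules described under "About gratuitous ARP messages" and for the Reciprocal Update setting can also be checked against captured traffic. The following Python example is added here and is not F5 code: it parses raw ARP payloads and flags sender claims that contradict a static entry, change a previously learned binding, or arrive as a gratuitous announcement for an unknown IP/MAC pair. The function names, finding labels, and sample addresses are assumptions made for illustration; gratuitous ARP is recognized by its usual on-wire form, sender IP equal to target IP.

```python
import socket
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build a 28-byte Ethernet/IPv4 ARP payload (only used for the constructed samples)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + raw(sha)
            + socket.inet_aton(spa) + raw(tha) + socket.inet_aton(tpa))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip, target_ip); reject anything not Ethernet/IPv4."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        raise ValueError("not an Ethernet/IPv4 ARP request or reply")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def audit(frames, static_bindings):
    """Flag sender claims that conflict with static or previously learned bindings."""
    learned, findings = {}, []
    for i, frame in enumerate(frames):
        _op, mac, ip, target_ip = parse_arp(frame)
        if ip == "0.0.0.0":  # ARP probe: carries no sender binding to evaluate
            continue
        pinned = static_bindings.get(ip)
        if pinned is not None and pinned != mac:
            findings.append((i, "STATIC_MISMATCH", ip, mac))
        elif ip in learned and learned[ip] != mac:
            findings.append((i, "BINDING_CHANGED", ip, mac))
        elif ip == target_ip and pinned is None and ip not in learned:
            # Gratuitous announcement for a pair seen nowhere else: do not learn it
            findings.append((i, "UNVERIFIED_GRATUITOUS", ip, mac))
        else:
            learned[ip] = mac
    return findings

# Constructed sample data (documentation addresses, locally administered MACs).
STATIC = {"192.0.2.1": "02:00:00:00:00:01"}
ZERO, BCAST = "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"
SAMPLE_FRAMES = [
    build_arp(1, "02:00:00:00:00:0a", "192.0.2.10", ZERO, "192.0.2.1"),   # who-has
    build_arp(2, "02:00:00:00:00:01", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(1, "02:00:00:00:00:14", "192.0.2.20", BCAST, "192.0.2.20"),  # gratuitous
    build_arp(2, "02:00:00:00:00:66", "192.0.2.1", "02:00:00:00:00:0a", "192.0.2.10"),
    build_arp(1, "02:00:00:00:00:66", "192.0.2.10", ZERO, "192.0.2.1"),   # who-has
]
```

Frame 4 is the case that the Reciprocal Update setting governs: a who-has request whose sender fields would overwrite an existing binding if the receiver learned from requests.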
Global options for dynamic ARP cache entries
You can configure a set of global options for controlling dynamic ARP cache entries.
Option | Description |
---|---|
Dynamic Timeout | Specifies the maximum number of seconds that a dynamic entry can remain in the ARP cache before the BIG-IP system automatically removes it. |
Maximum Dynamic Entries | Limits the number of dynamic entries that the BIG-IP system can hold in the ARP cache at any given time. This setting has no effect on the number of static entries that the ARP cache can hold. |
Request Retries | Specifies the number of times that the BIG-IP system resends an ARP request before finally marking the host as unreachable. |
Reciprocal Update | Enables the BIG-IP system to store additional information, which is information that the system learns as a result of other hosts on the network sending ARP broadcast requests to the BIG-IP system. |