Applies To:
Show VersionsBIG-IP AAM
- 12.1.0
BIG-IP APM
- 12.1.0
BIG-IP Link Controller
- 12.1.0
BIG-IP Analytics
- 12.1.0
BIG-IP LTM
- 12.1.0
BIG-IP PEM
- 12.1.0
BIG-IP AFM
- 12.1.0
BIG-IP DNS
- 12.1.0
BIG-IP ASM
- 12.1.0
Address Resolution Protocol
Address Resolution Protocol on the BIG-IP system
The BIG-IP® system is a multi-layer network device, and as such, needs to perform routing functions. To do this, the BIG-IP system must be able to find destination MAC addresses on the network, based on known IP addresses. The way that the BIG-IP system does this is by supporting Address Resolution Protocol (ARP), an industry-standard Layer 3 protocol.
What are the states of ARP entries?
When you use the BIG-IP Configuration utility to view the entries in the ARP cache, you can view the state of each entry:
- RESOLVED
- Indicates that the system has successfully received an ARP response (a MAC address) for the requested IP address within two seconds of initiating the request. An entry in a RESOLVED state remains in the ARP cache until the timeout period has expired.
- INCOMPLETE
- Indicates that the system has made one or more ARP requests within the maximum number of requests allowed, but has not yet received a response.
- DOWN
- Indicates that the system has made the maximum number of requests allowed, and still
receives no response. In this case, the system discards the packet, and sends an ICMP host
unreachable message to the sender. An entry with a DOWN state remains in the ARP cache until
the first of these events occurs:
- Twenty seconds elapse.
- The BIG-IP system receives either a resolution response or a gratuitous ARP from the destination host. (A gratuitous ARP is an ARP message that a host sends without having been prompted by an ARP request.)
- You explicitly delete the entry from the ARP cache.
About BIG-IP responses to ARP requests from firewall devices
The system does not respond to ARP requests sent from any firewall that uses a multicast IP address as its source address.
About gratuitous ARP messages
When dynamically updating the ARP cache, the BIG-IP system includes not only entries resulting from responses to ARP requests, but also entries resulting from gratuitous ARP messages.
For security reasons, the system does not fully trust gratuitous ARP entries. Consequently, if there is no existing entry in the cache for the IP address/MAC pair, and the BIG-IP system cannot verify the validity of the gratuitous ARP entry within a short period of time, the BIG-IP system deletes the entry.
Management of static ARP entries
You can manage static entries in the ARP cache in various ways.
Task summary
Adding a static ARP entry
- On the Main tab, click .
- Click Create.
- In the Name field, type a name for the ARP entry.
- In the IP Address field, type the IP address with which you want to associate a MAC address.
- In the MAC Address field, type the MAC address that you want to associate with the specified IP address.
- Click Finished.
Viewing static ARP entries
- On the Main tab, click .
- View the list of static ARP entries.
Deleting static ARP entries
Management of dynamic ARP entries
You can manage dynamic entries in the ARP cache in various ways.
Task summary
Viewing dynamic ARP entries
- On the Main tab, click .
- View the list of dynamic ARP entries.
Deleting dynamic ARP entries
Configuring global options for dynamic ARP entries
Perform this task to apply global options to all dynamic ARP entries.
Global options for dynamic ARP cache entries
You can configure a set of global options for controlling dynamic ARP cache entries.
Option | Description |
---|---|
Dynamic Timeout | Specifies the maximum number of seconds that a dynamic entry can remain in the ARP cache before the BIG-IP system automatically removes it. |
Maximum Dynamic Entries | Limits the number of dynamic entries that the BIG-IP system can hold in the ARP cache at any given time. This setting has no effect on the number of static entries that the ARP cache can hold. |
Request Retries | Specifies the number of times that the BIG-IP system resends an ARP request before finally marking the host as unreachable. |
Reciprocal Update | Enables the BIG-IP system to store additional information, which is information that the system learns as a result of other hosts on the network sending ARP broadcast requests to the BIG-IP system. |