NetBSD-Users archive


Re: Any way to suppress select arp messages?



Hi--

First, thanks to Christos for the suggested patch.

The log_arp_movements sysctl is a helpful knob that defaults to alerting people 
when IP/ARP associations change, since that is generally unexpected unless some 
form of load-balancing or failover is in place (VRRP, CARP, HAST, etc.), just as 
log_arp_wrong_iface can be helpful to detect layer-2 loops or mis-cabling a 
multi-homed router/firewall box.  :-)

I wasn't as familiar with log_arp_permanent_modify.  While I'm aware of a few 
environments which use permanent ARP tables (/etc/ethers?), places big enough 
where that would make a significant difference also tend to be big enough that 
routers are using VRRP, your data-center guys end up swapping out a failed box 
out of the hundreds in the racks every month or so, and so forth such that you 
still do dynamic ARPs anyway.

On Aug 27, 2011, at 10:29 AM, Michael T. Davis wrote:
>       I appreciate this, thanks.  As I mentioned in the original message,
> there are cases where we'd like to see these notifications, so a selective
> approach is what's needed.  If all else fails, though, I can give this a try.

Second, perhaps something like arpwatch might help address your goals:

  http://ee.lbl.gov/

At some point we've moved away from stuff that needs to be in the kernel 
towards a monitoring purpose that might be better handled in userland....

Regards,
-- 
-Chuck
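
The selective approach discussed in this thread, sketched in userland as an added example (not part of the original message, not the suggested kernel patch, and not arpwatch's code): it tracks IP-to-MAC bindings, reports changes, and stays quiet only for addresses listed as expected to move. The class and function names, the quiet list and the sample observations are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Alert:
    kind: str   # "moved" or "wrong_iface"
    ip: str
    old: str
    new: str

class ArpMonitor:
    """Tracks IP -> (MAC, interface) bindings and reports unexpected changes."""

    def __init__(self, quiet_ips=()):
        # Addresses whose MAC is expected to change (failover pairs and so on).
        self.quiet_ips = set(quiet_ips)
        self.table = {}

    def observe(self, ip, mac, iface):
        """Record one observation; return an Alert, or None if nothing to report."""
        mac = mac.lower()
        prev = self.table.get(ip)
        self.table[ip] = (mac, iface)
        if prev is None or prev == (mac, iface):
            return None
        old_mac, old_iface = prev
        if old_mac != mac:
            # Selective part: stay quiet only for the listed addresses.
            if ip in self.quiet_ips:
                return None
            return Alert("moved", ip, old_mac, mac)
        # Same MAC seen on a different interface: never suppressed.
        return Alert("wrong_iface", ip, old_iface, iface)

# Constructed sample observations (documentation addresses, made-up MACs).
SAMPLE = [
    ("192.0.2.1",  "00:11:22:33:44:55", "wm0"),
    ("192.0.2.10", "aa:bb:cc:00:00:01", "wm0"),
    ("192.0.2.10", "aa:bb:cc:00:00:02", "wm0"),  # listed as quiet: no alert
    ("192.0.2.1",  "00:11:22:33:44:55", "wm0"),  # unchanged: no alert
    ("192.0.2.1",  "DE:AD:BE:EF:00:01", "wm0"),  # unexpected movement
    ("192.0.2.20", "00:11:22:33:44:66", "wm0"),
    ("192.0.2.20", "00:11:22:33:44:66", "wm1"),  # same MAC, other interface
]

def run_sample():
    mon = ArpMonitor(quiet_ips={"192.0.2.10"})
    return [a for a in (mon.observe(*o) for o in SAMPLE) if a is not None]

if __name__ == "__main__":
    for alert in run_sample():
        print(f"{alert.kind}: {alert.ip} {alert.old} -> {alert.new}")
```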


