Subject: Re: Critique before commiting?
To: Mason Loring Bliss <mason@acheron.middleboro.ma.us>
From: John Hawkinson <jhawk@MIT.EDU>
List: tech-userlevel
Date: 07/12/2000 13:26:18
| No, that's the scenario. I've seen messages pass by my console in the
| past indicating errors where non-local (well, non-inside) hosts have
| been unable to add in entries because they're trying to replace addresses
| already extant.  Now, some of my boxes INSIDE my network don't send out
| lots of traffic, and occasionally they disappear from the arp tables as
| a consequence. I do not wish to have "rogue" entries added during these
| periods.

Have you ever seen this happen? I presume you're referring to "tried
to overwrite arp info" messages? Those only happen if an arp message
is received on the wrong interface, at least as far as I can
tell. (This would be a bit easier to understand if you provided the
details up-front.)

If you have "rogue" ARP data in your arp cache, when the legitimate
host comes back, you should get an ARP reply from it in response to
your ARP query, and it should function just fine.

arp data is hardly a direct function of the amount of traffic the
hosts send -- yes, if you don't have any traffic to send for more than
20 minutes you may time out your arp cache, but you will send an arp
query as soon as you have traffic to send, and you should always
get an answer. [Is the problem that you get two answers and there's a race
between the good host and the bad?]

In short, I am skeptical that the scenario you describe necessitates the
solution you propose. And making that solution "easier" might encourage
others to take it, too.

But more to the point, if you have a network where you have multiple
MAC addresses fighting for the same IP addresses, your network is severely
broken and you should probably look into having it fixed. But it sounds
to me like perhaps someone might have bridged your "inside" and "outside"
segments.

--jhawk
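The behaviour argued about above (entries that expire after roughly 20 minutes of silence, a reply that arrives on the wrong interface being refused with a "tried to overwrite arp info" complaint, and two MACs answering for one IP on the same segment so that the last reply wins) can be modelled in a few dozen lines. The following is an added example, not code from the thread or from NetBSD's arp code; the cache model is a simplification of what the thread describes, and the interface names (inside0, outside0), MAC addresses and IP addresses are constructed for the demonstration.

```python
"""Toy ARP cache with expiry plus a monitor for the two conditions in the
thread: a reply on the wrong interface (refused and logged) and a MAC
change on the same segment (a reply race; last reply wins, but logged).
All frames and addresses below are constructed, not captured."""
import struct
from dataclasses import dataclass

ETH_P_ARP = 0x0806
ARP_REPLY = 2
ARP_TIMEOUT = 20 * 60  # seconds; the ~20 minute expiry mentioned in the thread


@dataclass
class ArpInfo:
    iface: str
    sender_mac: str
    sender_ip: str
    opcode: int


def mac_bytes(s): return bytes(int(x, 16) for x in s.split(":"))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)


def build_arp_frame(sender_mac, sender_ip, target_mac, target_ip, opcode=ARP_REPLY):
    """Ethernet header followed by a 28-byte Ethernet/IPv4 ARP body."""
    eth = struct.pack("!6s6sH", mac_bytes(target_mac), mac_bytes(sender_mac), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, opcode,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp


def parse_arp_frame(iface, frame):
    """Return ArpInfo for an Ethernet/IPv4 ARP frame, or None if it is not one."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, opcode, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ArpInfo(iface, mac_str(sha), ip_str(spa), opcode)


class ArpCache:
    def __init__(self, timeout=ARP_TIMEOUT):
        self.timeout = timeout
        self.entries = {}  # ip -> (mac, iface, last_seen)
        self.log = []      # console-style messages the monitor would emit

    def lookup(self, ip, now):
        e = self.entries.get(ip)
        if e is not None and now - e[2] <= self.timeout:
            return e[0]
        return None  # unknown or expired: caller must send an ARP query

    def receive(self, frame, iface, now):
        info = parse_arp_frame(iface, frame)
        if info is None or info.opcode != ARP_REPLY:
            return
        cur = self.entries.get(info.sender_ip)
        if cur is not None and now - cur[2] > self.timeout:
            cur = None  # host went quiet long enough for its entry to expire
        if cur is not None and cur[1] != iface:
            # the case the thread attributes the kernel message to: refuse it
            self.log.append(f"{iface}: tried to overwrite arp info for "
                            f"{info.sender_ip} ({cur[0]} on {cur[1]}) with {info.sender_mac}")
            return
        if cur is not None and cur[0] != info.sender_mac:
            # same segment, different MAC: two hosts fighting for one IP
            self.log.append(f"{iface}: {info.sender_ip} moved from {cur[0]} to {info.sender_mac}")
        self.entries[info.sender_ip] = (info.sender_mac, iface, now)


def run_scenario():
    """Replay the situation described in the thread with constructed frames."""
    cache = ArpCache()
    me = ("00:00:5e:00:53:01", "192.0.2.1")          # constructed local host
    good = build_arp_frame("00:00:5e:00:53:10", "192.0.2.10", *me)
    rogue = build_arp_frame("00:00:5e:00:53:99", "192.0.2.10", *me)
    cache.receive(good, "inside0", now=0)      # legitimate host learned
    cache.receive(rogue, "outside0", now=10)   # wrong interface: refused, logged
    cache.receive(rogue, "inside0", now=1300)  # entry expired; rogue reply accepted
    cache.receive(good, "inside0", now=1301)   # legitimate host answers and wins back
    return cache


if __name__ == "__main__":
    c = run_scenario()
    print("\n".join(c.log))
    print("192.0.2.10 ->", c.lookup("192.0.2.10", 1301))
```

The point the model makes concrete is the one in the reply above: an expired entry is not a hole an attacker can fill for long, because the next query goes out as soon as there is traffic and the legitimate host's reply overwrites whatever was learned on that segment. Where the rogue and the legitimate host both answer on the same interface, the cache simply keeps the later reply, and the only durable fix is the one the reply suggests: find out why two MACs are answering for one address.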