Hi,
I have 2x 5710 in IRF. This is connected to the internet (uplink to the DC, 1 port from each in LACP). The default route points to an IP on the DC router, where the BGP for our network is.
Now, in VLAN 159 I have two public /24 networks from our /22, e.g. the 1.1.1.0/24 subnet and 1.1.3.0.0/24.
Now I see that I have a huge amount of broadcast ARP requests across all servers. Many of the requests are for unconnected IPs. Here is a dump from one server. The .40 IP is not active.
sudo tcpdump -i eth0 -nn -v -s 0 -c 5011 broadcast|grep 1.1.1.40
08:12:07.030653 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:08.530888 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:11.525518 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:33.399333 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:35.531024 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:38.524394 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:59.301789 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:00.524184 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:02.528513 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:25.168384 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:27.526131 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:29.528853 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:51.344531 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:53.533999 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:13:56.526344 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
Is this normal behavior, or is it a problem? Can I cache inactive IPs in ARP? Or block it?
Thank you
Pavel
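
One way to quantify the pattern in the dump above, as an added example that is not part of the original post: this Python script parses tcpdump ARP request lines, groups them by requester and target, and splits the repeats into bursts. The 1.1.1.77 line and the 5-second burst gap are constructed assumptions; the other sample lines are copied from the dump, and the capture is assumed not to cross midnight.

```python
import re
from collections import defaultdict
from datetime import datetime

# Six lines copied from the dump in the post, plus one constructed line (1.1.1.77).
SAMPLE = """\
08:12:07.030653 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:08.530888 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:11.525518 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:20.000000 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.77 tell 1.1.1.1, length 46
08:12:33.399333 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:35.531024 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
08:12:38.524394 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 1.1.1.40 tell 1.1.1.1, length 46
"""

# Matches tcpdump ARP request lines; the optional group covers "who-has X (mac) tell Y".
REQ = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) ARP,.*Request who-has (\S+)(?: \(\S+\))? tell ([^,\s]+)"
)

def summarize(text, burst_gap=5.0):
    """Group ARP requests by (sender, target) and split each group into bursts.

    burst_gap is an assumed threshold in seconds: requests closer together
    than this are counted as retries within the same burst.
    """
    times = defaultdict(list)
    for line in text.splitlines():
        m = REQ.match(line)
        if not m:
            continue  # skip replies and non-ARP lines
        ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        times[(m.group(3), m.group(2))].append(ts)
    report = []
    for (sender, target), seen in times.items():
        seen.sort()
        bursts = [1]  # number of requests in each burst, in time order
        for prev, cur in zip(seen, seen[1:]):
            if (cur - prev).total_seconds() <= burst_gap:
                bursts[-1] += 1
            else:
                bursts.append(1)
        report.append({"sender": sender, "target": target,
                       "requests": len(seen), "bursts": bursts})
    return sorted(report, key=lambda r: r["requests"], reverse=True)

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Feeding it the full capture (without the grep) shows which requester and which target addresses account for most of the broadcast ARP traffic.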