Hello,

OK, let's make a short tutorial out of this:


In case you have 2 Servers which are able to serve the same resource
(Host-A, Host-B) and a single point where all the queries for those hosts
come into your local server network (Router) the situation looks like this:
                |     +------+
                +-----|Host-A|
  +------+      |     +------+
--|Router|------+
  +------+      |     +------+
                +-----|Host-B|
                |     +------+

Now, the Router, the Host-A and the Host-B have assigned Unique Addresses on
the local wire:

Router> ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
Host-A> ifconfig eth0 10.0.0.2 netmask 255.255.255.0 up
Host-B> ifconfig eth0 10.0.0.3 netmask 255.255.255.0 up

Okay, IP now works the following way:

The Router receives an IP Packet for an Address. The Router looks into the
routing table to see what it has to do with the packet (in case it is not
for itself). From the Routing table the router gets the information on which
interface it has to send the packet and to which neighbour. The Routing table
of the Router is giving the server-net as the destination interface, and the
target's address as the neighbour. This means a packet for 10.0.0.2 or
10.0.0.3 or 10.0.0.4 should be sent on the server net to the host with the
same address. Now ARP starts. The Problem is, that on ethernet a network
card can't send a packet to an IP address, but only to a Hardware (MAC)
Address. The router has a table, called the ARP table (or neighbouring
cache). In this table is something like:

en0 10.0.0.2 aa:bb:cc:dd:e2

This means, on the ethernet interface en0 the host with the address 10.0.0.2
has the ethernet address aa:bb:cc:dd:e2. Now if the router wants to send an
IP-Packet the router looks into the arp cache and - if there is an entry -
reads the mac address and sends the ip packet. The interesting part starts,
if there is no entry (which is true for the first connection, or after some
time of inactivity): The router sends an ARP-Request, which looks like this:

From aa:bb:cc:dd:e1 <- this is the router's hardware address
To   ff:ff:ff:ff:ff <- this means "ethernet broadcast" = all stations
WHOHAS 10.0.0.2     <- this is the command, who has the address 10.0.0.2
TELL   10.0.0.1     <- the router's IP address

This ARP request arrives at all hosts on the local wire. Every host is
required to look into the arp-packet and compare the requested IP-Address
with the list of local IP-addresses. If the address is matching, the host
responds with:

To   aa:bb:cc:dd:e1 <- This is the router's HW Address, the requester
reply 10.0.0.2      <- this is the answer, that this host feels responsible
is-at aa:cc:cc:dd:e2 <- This is the host's hardware address (set by hardware)

The response will arrive at the router (and only at the router) and be
processed (i.e. it will be stored with a time stamp in the cache, and the
real IP packet will be sent on the wire, aimed at the recently received
HW-address).

Okay, there are a few reasons the ARP entries in the router's cache can be
cleared:

a) manual flush of the cache (seldom) or reboot
b) timeout (unused entries are purged after a given time)
c) refresh (the router tries to re-request the address from time to time)
d) error (on some error conditions the router drops the address to refresh it)
e) gratuitous ARP

ad a) can be used to tell the router to redirect the requests to another host
but it's slow and needs some (unstable) hacking

ad b) the timeout is usually too long and won't expire if there are very
frequent requests

ad c) the refresh time is too long. Since there are a few refresh retries
after an unreachable host is noticed, this is too slow for failover, too

ad d) the arp-flush is not used by routers forwarding packets, therefore
this won't detect the "error" of the unreachable host/timeout (depends on the
router)

ad e) generally this is the situation when a host requests its own hardware
address with a broadcast request. In that case hosts should use the sender's
IP address and the sender's HW address to update the arp cache.

From: aa:bb:cc:dd:e2   From Host-B
To:   ff:ff:ff:ff:ff   To all stations
Request
whohas 10.0.0.2        <- requested target
tell   10.0.0.2        <- requester's ip address

> That is exactly what I'm trying to do.  I thought that proxy arp and
> gratuitous arp were the same!  What's the difference?

Proxy ARP means: Answer ARP requests for IP Addresses which are not local to
you. For example a PPP Server will answer ARP requests for one of its
clients. This means all servers in a network with a dial-in server can talk
to the PPP clients without knowing, that they are "behind" the PPP router.

Gratuitous ARP means: request your own address just to inform all hosts on the
same wire about your new/changed address.

> But the gratuitous arp will stop the router from sending arp
> requests.

Only if they are constructed well and are sent often enough. It depends on
the ARP implementation in the router.

> OK, this is sounding good.  That user mode program, what do you
> recommend?

arping is a tool which can "ping" hosts with arp packets and it can be used to
generate "faked" ARP-requests or ARP-responses (which other hosts
understand and process). (there are other tools to construct and send
packets like SPAK or ipsend, but both might be overkill). Ah yes: since
ifconfig should make a gratuitous ARP if an interface goes up it might be
possible that this function will be included in ifconfig (or a helper tool),
since it should not bloat the kernel.

> This I don't understand... Is this something I must configure or
> program?  What is the reason for the 1sec delay?

Well, it's a bad idea. I think you definitely want to look at the fake
package for linux. You can find all mentioned tools on the freefire tools
and resources page: http://sites.inka.de/lina/freefire-l/index.en.html

Have a nice day
Bernd
-- 
  (OO)      -- [EMAIL PROTECTED] --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
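
Added example, not part of the original mail: a small Python monitor that parses raw Ethernet/ARP frames, marks gratuitous ARP (sender IP equals target IP) and reports when an IP address moves to a different hardware address, which is what a router's cache does on the failover described above. The six-octet MAC addresses, the `build_arp` helper and the three sample frames are constructed for illustration.

```python
import struct

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(map(str, b))
def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(p) for p in s.split("."))

def build_arp(op, sha, spa, tha, tpa, dst):
    """Build an Ethernet+ARP frame (only used to construct the sample input)."""
    eth = mac_bytes(dst) + mac_bytes(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def parse_arp(frame):
    """Return the ARP fields of a frame, or None if it is not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return {"op": op, "sha": mac(sha), "spa": ip(spa), "tpa": ip(tpa),
            "gratuitous": spa == tpa}  # sender asks for / announces its own IP

def watch(frames):
    """Replay frames through a neighbour cache keyed on sender IP.
    Returns a list of (event, ip, old_mac, new_mac, gratuitous)."""
    cache, events = {}, []
    for f in frames:
        p = parse_arp(f)
        if p is None or p["spa"] == "0.0.0.0":  # skip non-ARP and address probes
            continue
        old = cache.get(p["spa"])
        if old is None:
            events.append(("new", p["spa"], None, p["sha"], p["gratuitous"]))
        elif old != p["sha"]:  # same IP now claimed by another hardware address
            events.append(("changed", p["spa"], old, p["sha"], p["gratuitous"]))
        cache[p["spa"]] = p["sha"]
    return events

# Constructed sample: router asks for 10.0.0.2, Host-A answers, then Host-B
# takes over 10.0.0.2 with a gratuitous (broadcast, whohas == tell) request.
ROUTER, HOST_A, HOST_B = "02:00:00:00:00:e1", "02:00:00:00:00:e2", "02:00:00:00:00:e3"
BCAST, ZERO = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
SAMPLE = [
    build_arp(1, ROUTER, "10.0.0.1", ZERO, "10.0.0.2", BCAST),
    build_arp(2, HOST_A, "10.0.0.2", ROUTER, "10.0.0.1", ROUTER),
    build_arp(1, HOST_B, "10.0.0.2", ZERO, "10.0.0.2", BCAST),
]

if __name__ == "__main__":
    for event in watch(SAMPLE):
        print(event)
```

A "changed" event that was not preceded by a planned failover is the signal tools such as arpwatch report, since any station on the wire can send the same announcement.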