> I see three classes of ARP gleaning, all of them rely on the entry already
> existing in Solaris' cache, per your point.
>
> (1) Remote station emits a gratuitous broadcast ARP: Solaris updates its
>     cache
> (2) Remote station emits a gratuitous unicast ARP: Solaris updates its
>     cache
> (3) Remote station emits an ARP Request for the Solaris box's address:
>     Solaris responds *and* uses the information in the ARP Request to
>     update its cache
>
> #3 is where I'm encountering confused machines: the source IP address in
> these ARP Requests is accurate, but the source MAC address is not.
>
> And I can see how failover schemes might use any or all of these techniques
> to propagate a change in their IP address <==> MAC address mappings. Dang. I
> don't see a way to harden against this, at the host level, not without
> getting into static ARP mappings, which looks like a swamp to me.

Precisely -- and it would be a swamp. Seems you'll have to either fix those
toxic boxes or isolate them on another LAN/VLAN.

--
meem
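
An added example, not part of either poster's message: a passive audit that sorts captured ARP frames into the three classes listed in the quoted text and reports each time one of them would overwrite an existing cache entry with a different MAC, which is how the "confused machines" in class 3 show up. The cache model (only existing entries are updated) follows the thread's description, not Solaris source; all function names, addresses and frames are constructed for illustration.

```python
import struct
BROADCAST = b"\xff" * 6
ARP_HDR = b"\x08\x06" + struct.pack("!HHBB", 1, 0x0800, 6, 4)  # EtherType ARP, Ethernet/IPv4

def build_arp(op, sha, spa, tpa, eth_dst=BROADCAST):
    """Build an Ethernet + ARP frame (used only for the constructed sample)."""
    return eth_dst + sha + ARP_HDR + struct.pack("!H", op) + sha + spa + b"\0" * 6 + tpa

def parse_arp(frame):
    """Return (eth_dst, op, sender_mac, sender_ip, target_ip), or None if not ARP."""
    if len(frame) < 42 or frame[12:20] != ARP_HDR:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    return frame[0:6], op, frame[22:28], frame[28:32], frame[38:42]

def classify(parsed, local_ip):
    """Map a parsed ARP packet to class 1, 2 or 3 from the post; 0 for anything else."""
    eth_dst, op, _mac, sender_ip, target_ip = parsed
    if sender_ip == target_ip:                 # gratuitous: announces its own address
        return 1 if eth_dst == BROADCAST else 2
    if op == 1 and target_ip == local_ip:      # request for this host's address
        return 3
    return 0

def audit(frames, cache, local_ip):
    """Replay frames against cache {ip: mac}; list each overwrite of an existing entry."""
    alerts = []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        cls = classify(parsed, local_ip) if parsed else 0
        if cls == 0:
            continue
        _dst, _op, mac, ip = parsed[:4]
        old = cache.get(ip)
        if old is not None and old != mac:     # only existing entries are updated
            alerts.append((index, cls, ip, old, mac))
            cache[ip] = mac
    return alerts

# Constructed sample: 10.0.0.5 is cached with MAC_A; a request then carries MAC_B.
LOCAL_IP, PEER_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 5])
MAC_A, MAC_B = bytes.fromhex("020000000005"), bytes.fromhex("0200000000bb")
SAMPLE = [
    build_arp(1, MAC_A, PEER_IP, LOCAL_IP),                 # class 3, agrees with cache
    build_arp(1, MAC_B, PEER_IP, LOCAL_IP),                 # class 3, different MAC
    build_arp(2, MAC_A, PEER_IP, PEER_IP, eth_dst=MAC_B),   # class 2, unicast gratuitous
    build_arp(1, MAC_B, bytes([10, 0, 0, 9]), LOCAL_IP),    # class 3, no cache entry
]
```

Calling `audit(SAMPLE, {PEER_IP: MAC_A}, LOCAL_IP)` returns one tuple per overwrite as (frame index, class, IP, old MAC, new MAC); the last frame produces nothing because no entry for that address exists.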
