[c-nsp] ARP entry created by NAT

Vincent De Keyzer vincent at autempspourmoi.be
Fri Jun 29 08:17:46 EDT 2007


Hello,

 

we have recently moved our SNMP trap server behind a firewall.

 

The set-up is as follows:

 

 Network of
 SNMP Traps
 Producers
 |      |
+--+   +--+   +--+
|R1|   |R2|---|FW|-New
+--+   +--+   +--+
 |       |
-+--Old--+-

 

The SNMP trap server has moved from the 'Old' NMS VLAN to the 'New' one.

 

Since it is not easy to change SNMP trap servers [*] on all the network
elements, NAT has been used on R1 and R2. Incoming traps are redirected to
the new IP of the server thanks to translation of the destination address.

 

Quite appropriately, the router that does NAT has thought about the hosts
left on the 'Old' VLAN who still would like to chat with their old buddy
(the SNMP server) at its new address, and it replies to ARP requests for the
old IP address.

 

Not a bad idea, but the problem is that both R1 and R2 do the same, and
mutually complain about a "duplicate IP address" on that LAN, filling their
log buffer.

 

Does anybody have an elegant solution to this problem?

 

Vincent

 

[*] It seems a real challenge to many equipment manufacturers to make gear
on which you can update IP parameters (like SNMPc trap servers) without some
sort of outage (e.g. reboot). I really wonder why.


