[c-nsp] IOS - Proxy arp + DAD gratuitous arp

Brandon Applegate brandon at burn.net
Tue Dec 2 16:40:24 EST 2014


Hello,

Was wondering if anyone has ever seen an issue like this.  Anecdotal is fine too.

Essentially, I have an environment where the server guys are seeing duplicate IP issues - specifically from Win2k8 servers.  They say that they can manually intervene (don’t know the details) and get the NIC working - but the ‘manual’ is the part that’s killing them (rightfully so).

This is one of the only environments where I don’t control layer3 (layer2 VM farm - upstream layer3 is $org) :(  So I’m really doing forensics as I can’t “touch” the routers :(  In all the other environments of the like (where I DO control layer3) - we don’t have this problem.  In those environments we run 4900Ms - with relatively recent IOS.  In the questionable environment - I’m getting the feeling they may have some old gear doing layer3.

Here’s my theory - could the DAD GARP from Win2k on bootup be ‘answered’ by proxy arp on the Cisco side?  In my environment where I control layer3 - this is what debug arp says when a box boots or changes its IP:

Dec  2 18:16:29.108: IP ARP: ignored gratuitous arp src 0.0.0.0 0011.2233.4455, dst 1.1.1.1 0066.7788.9900, interface Vlan110

I have no special config on this box arp-wise.  I am assuming that that is the (sane) default behavior of this version of IOS.

Could there be an older IOS (or bug) that would NOT ignore this and rather ‘answer’ for it?  What about local proxy-arp (have never touched local proxy arp, only read about it).  I’m thinking that a proxy arp answer could trigger the duplicate IP detection in Win2k8.  No strange spanning tree errors or logs that I can see.  It could also be a ‘3rd party’ on the vlan somewhere - i.e. not the Cisco router(s).

I am working with $org, but while I sit and wait on emails and pcaps - I thought I’d post this.  Thanks in advance for any brain cycles spent on it.

--
Brandon Applegate - CCIE 10273
PGP Key fingerprint:
830B 4802 1DD4 F4F9 63FE  B966 C0A7 189E 9EC0 3A74
"SH1-0151.  This is the serial number, of our orbital gun."
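
Added example, not part of the original post: a Python check that could be run over ARP bodies pulled from the pending pcaps to see whether a DAD probe (sender IP 0.0.0.0, as in the debug line above) was followed by another MAC claiming the probed address, which is the condition RFC 5227 treats as a conflict. The function names, the 5-second window and the sample capture are assumptions constructed for illustration; the MACs and IP reuse the values from the debug line.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP body, 28 bytes (RFC 826)

def mac(s):
    """Cisco dotted notation '0011.2233.4455' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(".", ""))

def ip(s):
    return bytes(int(octet) for octet in s.split("."))

def build_arp(op, sha, spa, tha, tpa):
    """Build a constructed ARP body (op 1 = request, 2 = reply)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha), ip(spa), mac(tha), ip(tpa))

def find_probe_answers(packets, window=5.0):
    """packets: iterable of (timestamp, arp_body) in capture order.
    Returns (probed_ip, prober_mac, answering_mac, delay) for every ARP packet
    that claims a probed address from a different MAC within `window` seconds."""
    probes, hits = {}, []          # probes: probed IP -> (time, prober MAC)
    for ts, body in packets:
        if len(body) < 28:
            continue               # truncated frame
        htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, body[:28])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue               # not Ethernet/IPv4 ARP
        if op == 1 and spa == bytes(4):
            probes[tpa] = (ts, sha)            # DAD probe: sender IP 0.0.0.0
        elif spa in probes:                    # request or reply claiming a probed IP
            p_ts, p_mac = probes[spa]
            if sha != p_mac and ts - p_ts <= window:
                hits.append((".".join(map(str, spa)), p_mac.hex(), sha.hex(), round(ts - p_ts, 3)))
    return hits

# Constructed capture (not from the thread's pcaps); MACs and IP reuse the debug line's values.
ZERO = "0000.0000.0000"
SAMPLE = [
    (0.000, build_arp(1, "0011.2233.4455", "0.0.0.0", ZERO, "1.1.1.1")),              # probe
    (0.002, build_arp(2, "0066.7788.9900", "1.1.1.1", "0011.2233.4455", "0.0.0.0")),  # answered
    (9.000, build_arp(1, "0011.2233.4455", "0.0.0.0", ZERO, "1.1.1.2")),              # probe
    (10.00, build_arp(1, "0011.2233.4455", "1.1.1.2", ZERO, "1.1.1.2")),              # own announcement
]

if __name__ == "__main__":
    for hit in find_probe_answers(SAMPLE):
        print("probe for %s from %s answered by %s after %ss" % hit)
```

The answering MAC in each hit can then be matched against the router interfaces or traced through the switch MAC tables to tell a proxy-arp answer from a third party on the vlan.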



