Gratuitous ARP could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply that is not normally needed according to the ARP specification (RFC 826) but could be used in some cases. A gratuitous ARP request is an Address Resolution Protocol request packet where the source and destination IP are both set to the IP of the machine issuing the packet and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made.
GARP 指 GARP 请求或 GARP 响应.这里的 Gratuitous 指 ARP specification (RFC 826) 说明的在一般情况下,请求/响应报文都是没有必要的.一个 GARP 请求报文是也一个 ARP 请求报文,特别之处在于源 IP 和目的 IP 都是发送者的 IP,且目的 MAC 为ff:ff:ff:ff:ff:ff,一般没有响应.GARP 响应是不针对任何请求的响应
####Gratuitous ARPs 主要有四个用处:
- 可以用来检测 IP 地址冲突.如果机器收到了源 IP 与本机 IP 相同的 ARP 请求,则说明有 IP 冲突
- 可以用来更新其他机器的 ARP 表,当本机需要移动某网卡的 IP 到另一张网卡时,可发送 GARP 更新其他机器的 ARP 表
- 告诉交换机发往本机的帧从某端口发送
- 每当 IP 设备被启用或者链路连接好,驱动程序都会发送 GARP 报文,因此,接收到此类报文往往说明该机器重启过或者网卡重新启用过
####示例
- The networking stack in many operating systems will issue a gratuitous ARP if the IP or MAC address of a network interface changes, to inform other machines on the network of the change so they can report IP address conflicts, to let other machines update their ARP tables, and to inform switches of the MAC address of the machine. The networking stack in many operating systems will also issue a gratuitous ARP on an interface every time the link to that interface has been brought to the up state. The gratuitous ARP then is used to preload the ARP table on all local hosts of the possibly new mapping between MAC and IP address (for failover clusters that do not take over the MAC address) or to let the switch relearn behind which port a certain MAC address resides (for failover clusters where you do pull the MAC address over as well or when you simply just move the network cable from one port to another on a normal nonclustered host)
- The High-Availability Linux Project utilizes a command-line tool called
send_arpto perform the gratuitous ARP needed in their failover process. A typical clustering scenario might play out like the following: - Two nodes in a cluster are configured to share a common IP address 192.168.1.1. Node A has a hardware address of
01:01:01:01:01:01and node B has a hardware address of02:02:02:02:02:02. - Assume that node A currently has IP address 192.168.1.1 already configured on its NIC. At this point, neighboring devices know to contact 192.168.1.1 using the MAC
01:01:01:01:01:01. - Using the heartbeat protocol, node B determines that node A has died.
- Node B configures a secondary IP on an interface with
ifconfig eth0:1 192.168.1.1. - Node B issues a gratuitous ARP with
send_arp eth0 192.168.1.1 02:02:02:02:02:02 192.168.1.255. All devices receiving this ARP update their table to point to02:02:02:02:02:02for the IP address 192.168.1.1.
####演示流量
Ethernet II, Src: 02:02:02:02:02:02, Dst: ff:ff:ff:ff:ff:ff
Destination: ff:ff:ff:ff:ff:ff (Broadcast)
Source: 02:02:02:02:02:02 (02:02:02:02:02:02)
Type: ARP (0x0806)
Trailer: 000000000000000000000000000000000000
Address Resolution Protocol (request/gratuitous ARP)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 02:02:02:02:02:02 (02:02:02:02:02:02)
Sender IP address: 192.168.1.1 (192.168.1.1)
Target MAC address: ff:ff:ff:ff:ff:ff (Broadcast)
Target IP address: 192.168.1.1 (192.168.1.1)
0000 ff ff ff ff ff ff 02 02 02 02 02 02 08 06 00 01 ................
0010 08 00 06 04 00 01 02 02 02 02 02 02 c0 a8 01 01 ................
0020 ff ff ff ff ff ff c0 a8 01 01 00 00 00 00 00 00 ................
0030 00 00 00 00 00 00 00 00 00 00 00 00 ............
####Discussion What's a good choice for example MACs? I picked {{{02:02:02:02:02:02}}}. Is there a better one? -- RandyMcEoin
-The '02' byte at the start of the MAC indicates that this is a 'locally administered address' which has been set by the local user or system. Most normal ethernet devices are allocated a MAC with 00 as the most significant byte.
I updated the article to differentiate between gratuitous ARP request and reply.
Note that some devices will respond to the gratuitous ''request'' and some will respond to the gratuitous ''reply''. If one is trying to write software for moving IP addresses around that works with all routers, switches and IP stacks, it is best to send both the ''request'' and the ''reply''. These are documented by RFC 2002 and RFC 826. Software implementing the gratuitious ARP function can be found in the Linux-HA source tree. A request may be preceded by a probe to avoid polluting the address space. For an ARP Probe the Sender IP address field is 0.0.0.0. ARP ''probes'' were not considered by the original ARP RFC.
-Does the target MAC address ever matter in requests? I gather Solaris uses ff:ff:ff:ff:ff:ff in its standard ARP requests and most other OSes use 00:00:00:00:00:00 instead. Is the use of the ff:ff:ff:ff:ff:ff MAC in the target address above significant in any way? Obviously having a destination address of ff:ff:ff:ff:ff:ff is critical.yes
RFC 3927, which is based on Gratuitous ARP, specifies 00:00:00:00:00:00 for the target MAC. However many simple TCP/IP stacks have an API which permits the specification of only one MAC value, and when the Ethernet Destination field is set to broadcast, the ARP target is also set broadcast. Note: Normal ARP requests have the same value in the ARP Packet Target MAC address as in the Ethernet Destination field.
- How can we explain if the source Ethernet MAC address is different from sender's MAC address in a GARP packet? The ARP packet value is for the ARP machine, the Ethernet value is for the Ethernet machine. Originally, they were intended to be redundant information, targeted at different layers. It is possible to consider a hypothetical network appliance that routes ARP packets, where the source Ethernet MAC address changes as the packet is routed, but normally ARP packets are not routed.