From owner-freebsd-security@FreeBSD.ORG Wed Jan 21 06:59:52 2004 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 243E316A4CE for ; Wed, 21 Jan 2004 06:59:52 -0800 (PST) Received: from sage-one.net (adsl-65-71-135-137.dsl.crchtx.swbell.net [65.71.135.137]) by mx1.FreeBSD.org (Postfix) with ESMTP id B3DE143D2F for ; Wed, 21 Jan 2004 06:59:50 -0800 (PST) (envelope-from jackstone@sage-one.net) Received: from sagea (sagea.sage-american [10.0.0.3]) by sage-one.net (8.12.8p2/8.12.8) with SMTP id i0LExmIA011256; Wed, 21 Jan 2004 08:59:49 -0600 (CST) (envelope-from jackstone@sage-one.net) Message-Id: <3.0.5.32.20040121085949.01e93e00@10.0.0.10> X-Sender: jackstone@10.0.0.10 X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 21 Jan 2004 08:59:49 -0600 To: "Bjoern A. Zeeb" , Mark From: "Jack L. Stone" In-Reply-To: References: <00dd01c3dfd6$2a7e1fd0$65a8a8c0@toshibauser> <09bd01c3ddbc$9f829070$fa10fea9@bryanuptrvb0jc> <20040118.184351.3b20743ee03ef7d3.10.0.3.9@bugsgrief.net> <00dd01c3dfd6$2a7e1fd0$65a8a8c0@toshibauser> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, hits=-4.7 required=4.5 tests=AWL,BAYES_00 autolearn=ham version=2.61-sage_one.rules_v3.1 X-Spam-Checker-Version: SpamAssassin 2.61-sage_one.rules_v3.1 (1.212.2.1-2003-12-09-exp) on sage-one.net cc: freebsd-security@freebsd.org Subject: Re: arp problem in /var/log/messages X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Security issues [members-only posting] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 21 Jan 2004 14:59:52 -0000 At 05:53 AM 1.21.2004 +0000, Bjoern A. Zeeb wrote: >On Tue, 20 Jan 2004, Mark wrote: > >> But what causes them ? I get them too. > >one host, two NICs same braodcast domain ? > >-- >Bjoern A. Zeeb bzeeb at Zabbadoz dot NeT Also, when NICs are switched around, especially if on a gateway machine. We just experienced this maddening issue. We moved a HD clone from one GW machine to another and it took a long time for any of the other machines to resolve the new NIC MAC and thus peppered with those arp messages. When we also moved the old NIC over as well, the problems ALL stopped instantly. It eliminated the need for the arp cache to catch up to the switching of the MACs which is cached along with the IPs. All of the machines then settled down. So, now with a CISCO and several switches involved, we now know the move the HD AND the NIC.... BTW, the Windows machines never did resolve the new NIC MAC after several hours, but the FBSD's did within about an hour. Lesson learned. Best regards, Jack L. Stone, Administrator SageOne Net http://www.sage-one.net jackstone@sage-one.net