
is it possible to hard code the IP to ARP MAC address in Unix

skt_skt
Honored Contributor

is it possible to hard code the IP to ARP MAC address in Unix

HP-UX 11.11

I see a problem with my arp table and wanted to disable the ARP table update or wanted to manipulate it.

Re: is it possible to hard code the IP to ARP MAC address in Unix

sure - see "man arp"

"arp -d " to delete an arp entry

"arp -s " to add an entry

what "problem" do you see with your arp table?

HTH

Duncan

I am an HPE Employee
skt_skt
Honored Contributor

Re: is it possible to hard code the IP to ARP MAC address in Unix

Did you check man on 11.11 or 11.23?
skt_skt
Honored Contributor

Re: is it possible to hard code the IP to ARP MAC address in Unix

worked for 11.11 too
skt_skt
Honored Contributor

Re: is it possible to hard code the IP to ARP MAC address in Unix

The problem we are seeing is the communication failure between two nodes in the same subnet (DMZ zone). While looking at the ARP table, often the MAC points to the firewall in the subnet, which is meant for filtering/controlling the traffic to the external world (outside the subnet). These two machines are supposed to communicate at layer 2 (TCP model) itself without an extra hop/router, and I feel somehow the traffic is going to the firewall. Or the ARP mapping itself is not working properly, which I suppose the switch needs to take care of, not the hosts.
Matti_Kurkela
Honored Contributor

Re: is it possible to hard code the IP to ARP MAC address in Unix

The firewall may be using a Proxy-ARP technique to make it look like your servers are in the same subnet, while the reality may be slightly different.

As your server attempts to connect to another server within the same segment, it makes an ARP query. If it gets the firewall's MAC address as an answer, that does not happen by accident - something must have been configured to do so.

You said this happens in a DMZ segment? It would be sensible to build the DMZ so that the firewall protects DMZ machines from each other too.

You should talk with your network/firewall administrators to solve your connectivity problem.

The DMZ network segment is probably built so that there is no way for servers within the DMZ to connect to each other, and the firewall is using the Proxy-ARP technique to make it seem like a normal segment.

If so, an attempt to hard-code the MAC address will just cause all connections to the intended destination server to fail completely. In other words, the network restriction is built in such a way that it's not possible to work around it.

MK
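
The condition described in the reply above (a same-subnet peer resolving to the firewall's MAC address) can be checked from the host's own ARP cache. This is an added example, not part of the thread; it assumes the common `host (ip) at mac ...` layout for `arp -a` output, and the addresses in the sample table are constructed.

```shell
#!/bin/sh
# Added example: list cached IPs whose MAC equals the firewall's MAC,
# i.e. peers the firewall is answering ARP for (proxy ARP).
# Assumed input layout per line: "host (ip) at mac ..."; adjust the field
# numbers in the awk program if your arp output differs.

find_proxied() {
    # $1 = firewall IP, stdin = ARP table text
    awk -v fw="$1" '
    # Normalise a MAC so 00:0A:0b and 0:a:b compare equal.
    function norm(m,   n, i, p, out) {
        n = split(tolower(m), p, ":")
        out = ""
        for (i = 1; i <= n; i++) {
            sub(/^0+/, "", p[i])
            if (p[i] == "") p[i] = "0"
            out = out (i > 1 ? ":" : "") p[i]
        }
        return out
    }
    # Keep only resolved entries; "(incomplete)" has no colon and is skipped.
    $3 == "at" && $4 ~ /:/ {
        ip = $2
        gsub(/[()]/, "", ip)
        mac[ip] = norm($4)
    }
    END {
        if (!(fw in mac)) exit          # firewall not in cache: nothing to compare
        for (ip in mac)
            if (ip != fw && mac[ip] == mac[fw]) print ip
    }' | sort
}

# Constructed sample table: 192.0.2.1 plays the firewall, 192.0.2.10 is a
# peer that resolves to the firewall MAC, 192.0.2.11 resolves to its own MAC.
sample_table() {
cat <<'EOF'
? (192.0.2.1) at 00:0A:0b:cc:dd:01 ether
? (192.0.2.10) at 0:a:b:cc:dd:1 ether
? (192.0.2.11) at 0:10:83:f7:e2:a8 ether
? (192.0.2.12) at (incomplete)
EOF
}

# On a live host the table would come from "arp -a" instead of sample_table.
sample_table | find_proxied 192.0.2.1
```

Any address it prints is being reached through the firewall's MAC, which is the point to raise with the network/firewall administrators before adding a static entry.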
skt_skt
Honored Contributor

Re: is it possible to hard code the IP to ARP MAC address in Unix

Connection between the DMZ was working and noticed it was broken. Also, the DMZ servers are used for the same application in FT (Fault Tolerant) mode and hence they should be able to talk. So there is no such restriction at the architecture level. Also note that the connection works some of the time (randomly) and fails most of the time. I have hard-coded the MAC on both nodes (each other) and will let you know how the FT test goes.