Jun 5, 2012

tom

arp “who-has tell” on cloned machine

I have a urgent problem to solve today, but I’m lost. Please help.

I’ve cloned a Virtual Machine hosted on VM Ware ESXi 4.1
The OS is now Ubuntu Server 12.04 LTS, but at the time of cloning it was 10.04 LTS.

I fixed the MAC address manually inside /etc/udev/rules.d/70-persistent-net.rules. It is a known problem on Ubuntu. I had to remove the old MAC address and set the new one as eth0.

Everything seems to work fine, except ARP.
My provider OVH sent me a warning to resolve it today (this is the second day) or they will block my IP!

The log contains many lines like this:

Tue Jun 5 01:04:29 2012 : arp who-has 178.32.136.212 tell 178.32.136.224

where .224 is the cloned server that is causing problems, and .212 is the cloned one.

arp -na returns:

? (178.33.230.254) at 00:07:b4:00:00:02 [ether] on eth0
? (178.32.136.212) at 00:50:56:09:8e:f1 [ether] on eth0

The first IP is the ESXi machine.
The second one should not be there.

I’m not an expert and I don’t know what else to do to fix this problem.
Any help will be very appreciated.

Thanks.

EDIT:

ifcofig on .224:

eth0  Link encap:Ethernet  HWaddr 00:50:56:01:32:c6
      inet addr:178.32.136.224  Bcast:178.32.136.255  Mask:255.255.255.0
      inet6 addr: fe80::250:56ff:fe01:32c6/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:399924 errors:0 dropped:465 overruns:0 frame:0
      TX packets:241884 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:58006071 (58.0 MB)  TX bytes:663603166 (663.6 MB)lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:516216 errors:0 dropped:0 overruns:0 frame:0
      TX packets:516216 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:236284275 (236.2 MB)  TX bytes:236284275 (236.2 MB)

ifconfig on .212:

eth0  Link encap:Ethernet  HWaddr 00:50:56:09:8e:f1
      inet addr:178.32.136.212  Bcast:178.32.136.255  Mask:255.255.255.0
      inet6 addr: fe80::250:56ff:fe09:8ef1/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:16014 errors:0 dropped:0 overruns:0 frame:0
      TX packets:14511 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:15134444 (15.1 MB)  TX bytes:2683025 (2.6 MB)lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:16436  Metric:1
      RX packets:9944 errors:0 dropped:0 overruns:0 frame:0
      TX packets:9944 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1139347 (1.1 MB)  TX bytes:1139347 (1.1 MB)

I’ve executed arp -vd 178.32.136.212 to delete the entry in the arp. But after about one our it is listed again.
During the time that the entry was deleted the log was clear.
Why it came back?

Asked by mcmorry

“ARP who-has” is a broadcast packet. It is normal for you to receive it, since both of your server’s interfaces are in one broadcast domain.

It is possible that your provider expects you to have all virtual servers in routed mode, but you use bridged. In this case broadcast packet is not limited to your virtual interfaces, and floods your physical uplink.

Answered by DukeLion

Check more discussion of this question.

arp “who-has tell” on cloned machine

Related posts:

Leave a comment

Recent Posts

Tags