Hey there!
This is a case about the ARP packet detection mechanism.
Problem
S6700 switch directly connected to a Cisco device. After the switch is upgraded from V200R007 to V200R010, a large number of IP address conflict logs are generated.
Jan 16 2020 03:04:17+01:00 IGW:ANB-6700-01 %ARP/4/ARP_DUPLICATE_IPADDR(l)[2853]:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=172.29.12.25, InterfaceName=Vlanif552, MacAddress=8890-8dcd-7f19)
Jan 16 2020 03:04:46+01:00 IGW:ANB-6700-01 %ARP/4/ARP_DUPLICATE_IPADDR(l)[2854]:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=172.29.12.18, InterfaceName=Vlanif550, MacAddress=8890-8dcd-7f1a)
Cause
The switch running V200R010 can detect ARP packets whose source IP addresses do not comply with the RFC protocol and reports address conflict logs. According to the captured packets, the peer device is a Cisco device and sends private ARP probe packets.
In the ARP packet, the value of sender IP address is all 0. The device considers that the packet is an ARP probe packet. In the packet, the value of target IP address is the packet to be probed by the peer device.
ARP probe packets are used to check whether an IP address is used by another device on the network.
After receiving the Probe packet with the "target IP address" being the IP address of the local interface, the device considers that an IP address conflict exists on the network, records a log, triggers an address conflict alarm, and sends gratuitous ARP packets every 5s until the address conflict is released (No packet is received from the IP address within 8 seconds).
The implementation of Huawei devices complies with RFC. According to RFC, address conflict should be reported.
RFC 5227
Solution
If you do not want to view the logs, run the arp anti-attack packet-check ip command in the system view to discard the packets.
Cisco has a private protocol to use this packet, and it also provides a solution which you can find in the Cisco website: Troubleshoot "Duplicate IP Address 0.0.0.0" Error Messages.
This is what I want to share with you today, thank you!