A large number of IP address conflict logs are generated after upgrade

Latest reply: Feb 19, 2020 08:41:04

Hey there! 

This is a case about the ARP packet detection mechanism.

Problem

An S6700 switch is directly connected to a Cisco device. After the switch is upgraded from V200R007 to V200R010, a large number of IP address conflict logs are generated.

Jan 16 2020 03:04:17+01:00 IGW:ANB-6700-01 %ARP/4/ARP_DUPLICATE_IPADDR(l)[2853]:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=172.29.12.25, InterfaceName=Vlanif552, MacAddress=8890-8dcd-7f19)

Jan 16 2020 03:04:46+01:00 IGW:ANB-6700-01 %ARP/4/ARP_DUPLICATE_IPADDR(l)[2854]:Received an ARP packet with a duplicate IP address from the interface. (IpAddress=172.29.12.18, InterfaceName=Vlanif550, MacAddress=8890-8dcd-7f1a)

Cause

The switch running V200R010 can detect ARP packets whose source IP addresses do not comply with the RFC protocol and report address conflict logs. According to the captured packets, the peer device is a Cisco device and sends private ARP probe packets.

In the ARP packet, the value of the sender IP address is all 0s. The device considers that the packet is an ARP probe packet. In the packet, the value of the target IP address is the packet to be probed by the peer device.

ARP probe packets are used to check whether an IP address is used by another device on the network.

After receiving the Probe packet with the "target IP address" being the IP address of the local interface, the device considers that an IP address conflict exists on the network, records a log, triggers an address conflict alarm, and sends gratuitous ARP packets every 5s until the address conflict is released (no packet is received from the IP address within 8 seconds).

The implementation of Huawei devices complies with RFC. According to RFC, address conflict should be reported. 

RFC 5227

Solution

If you do not want to view the logs, run the arp anti-attack packet-check ip command in the system view to discard the packets.

Cisco has a private protocol to use this packet, and it also provides a solution which you can find on the Cisco website: Troubleshoot "Duplicate IP Address 0.0.0.0" Error Messages.


This is what I want to share with you today, thank you!
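
The probe check described above, as an added example that is not part of the original post or Huawei's implementation: it parses a raw ARP payload and separates a probe (sender IP 0.0.0.0) aimed at a local address from a packet whose sender IP really duplicates it. The helper names and the sample packet are constructed, and 172.29.12.25 is assumed to be the local Vlanif552 address from the log above.

```python
import ipaddress
import struct

ARP_REQUEST = 1
ZERO_IP = ipaddress.IPv4Address("0.0.0.0")

def parse_arp(payload: bytes) -> dict:
    """Parse a 28-byte Ethernet/IPv4 ARP payload (Ethernet header already removed)."""
    if len(payload) < 28:
        raise ValueError("ARP payload shorter than 28 bytes")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {
        "oper": oper,
        "sender_mac": sha.hex("-", 2),  # same xxxx-xxxx-xxxx form as the switch log
        "sender_ip": ipaddress.IPv4Address(spa),
        "target_ip": ipaddress.IPv4Address(tpa),
    }

def classify(payload: bytes, local_ips: set) -> str:
    """Classify a received ARP payload against the local interface addresses."""
    arp = parse_arp(payload)
    is_probe = arp["oper"] == ARP_REQUEST and arp["sender_ip"] == ZERO_IP
    if is_probe and arp["target_ip"] in local_ips:
        return "probe-for-local-ip"    # the case the post says is logged as a conflict
    if is_probe:
        return "probe"                 # probe for some other address
    if arp["sender_ip"] in local_ips:
        return "sender-uses-local-ip"  # another host claims the local address
    return "normal"

def build_arp(oper: int, sender_mac: str, sender_ip: str, target_ip: str) -> bytes:
    """Build a constructed sample payload (target hardware address set to zeros)."""
    return struct.pack(
        "!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
        bytes.fromhex(sender_mac.replace("-", "")),
        ipaddress.IPv4Address(sender_ip).packed,
        bytes(6),
        ipaddress.IPv4Address(target_ip).packed,
    )

# Assumption: 172.29.12.25 is the local Vlanif552 address named in the log.
LOCAL_IPS = {ipaddress.IPv4Address("172.29.12.25")}

if __name__ == "__main__":
    sample = build_arp(ARP_REQUEST, "8890-8dcd-7f19", "0.0.0.0", "172.29.12.25")
    print(parse_arp(sample)["sender_mac"], classify(sample, LOCAL_IPS))
```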


HaseebAkhtar
Created Feb 19, 2020 06:58:28 Helpful(0) Helpful(0)

Thanks for sharing

Qazik
Created Feb 19, 2020 08:41:04 Helpful(0) Helpful(0)

Thank you for sharing.