[Ntop-dev] n2n bugs and features
bbmaj7 at yahoo.com.au
Tue Apr 8 14:56:02 CEST 2008
--- Christian Lyra <lyra at pop-pr.rnp.br> wrote:
> but... I can see packets where I wouldnt expect. At my current two
> node plus supernode setup I can see periodic packet exchange between
> two edge nodes, even if they are not talking to each other. At the tun
> interface I can see ARP who-has messages sent by 10.1.2.255 (broadast
> address). why?
These are probably gratuitous ARP packets. They are sent by the edges, not the
host. They serve to keep the host ARP caches current so future who-has packets
are not required. There could be a config option to turn off sending them.
There are also REGISTER refreshes. The edges keep their registrations current.
This could also be allowed to lapse if gratuitous ARP was off.
If gratuitous ARP and REGISTER refresh were disabled; the edge nodes would
forget about each other after a period of time in the same way as the ARP cache
expires. This is more naturally like ethernet and should probably be the
The current system also has the problem that any number of IP addresses can be
bound to the one MAC address on the TAP device.
eg. under linux:
# ip addr add 10.255.254.126 dev edge0
(Note you can bind entire networks of addresses to an interface this way; eg.
#ip addr add 10.0.0.0/8 dev edge0)
Gratuitous ARP packets are only sent by the edge for the one IP address
specified on the command line that the edge knows about. Edge probably should
not send any; rather rely on the higher layer applications to decide if they
need to send gratuitous ARP.
Get the name you always wanted with the new y7mail email address.
More information about the Ntop-dev