Windows 2008 ignores Gratuitous ARP requests

We recently saw an issue after a fail over of our router where our Windows 2008 Boxes didn't start talking to the primary router after fail-back.

When we did some digging they still had the ARP entry from the secondary router. According to the TechNet Blog this is by-design:

First, a Windows Vista or Windows Server 2008 will not update the Neighbor cache if an ARP broadcast is received unless it is part of a broadcast ARP request for the receiver. What this means is that when a gratuitous ARP is sent on a network with Windows Vista and Widows Server 2008, these systems will not update their cache with incorrect information if there is an IP address conflict.

Secondly, it appears that the windows neighbor-cache (arp-cache) is only updated if the machine can no longer talk to the machine that is in it's cache currently. It does not send out occasional ARP requests to make sure the cache is not stale. While this isn't an issue during the initial fail over, during fail back when both boxes are alive this causes windows to keep talking to the secondary box.

Is there any way to force Windows 2008 to accept Gratuitous ARP requests?

Best Answer

After testing it does seem that Hotfix 2582281 fixes the issue. You can get the hotfix without having to pay support by using their hotfix request page.

I ran a test of this using arping and unpatched windows 2008 R2. I added a secondary IP, 64.34.119.80, to a machine with in the same network L2 segment. I then issued the following command from a different machine the network (sudo arping -U 64.34.119.80 -I bond0 -c1). Right after that, I pinged 64.34.119.80 from the windows box after seeing it recieve the arp in wireshark. I then applied the hotfix and repeated the test.

Also, it seems that the arping command needs to not use unicast MAC address but rather the broadcast MAC because this is the only type of GARP ignored from my tests.

Before the patch:

enter image description here

In this wireshark capture, the ping after the GARP request is not sent to the MAC Destination that the GARP came from, so you can see that GARP is being ignored.

After the patch:

In this test, after the patch, the GARP request seems to be honored as the ping is sent to the MAC address that GARP came from.

So from these tests it seems hotfix 2582281 fixes the issue of GARP broadcasts being ignored.

Best Answer

Related Solutions

Windows 2008 R2 Servers Sending Arp Requests for IPs outside Subnet

How to prevent excessive ARP requests sent from Windows Server 2003

Related Topic