
arp-fake expire-time

Function

The arp-fake expire-time command sets the aging expiry time of a fake dynamic Address Resolution Protocol (ARP) entry.

The undo arp-fake expire-time command restores the default aging expiry time of a fake dynamic ARP entry.

By default, the aging expiry time of a fake dynamic ARP entry is 1s.

Format

arp-fake expire-time expire-time

undo arp-fake expire-time

Parameters

Parameter: expire-time

Description: Specifies the aging expiry time of a fake dynamic ARP entry.

Value: The value is an integer ranging from 1 to 36000, in seconds. The default value is 1s.

Views

Ethernet interface view, Eth-Trunk interface view, or VLANIF interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

If a device fails to find the destination MAC address (MAC address corresponding to the destination IP address) of the packet to be forwarded, the device sends an ARP Miss message to the upper-layer software, instructing the upper-layer software to send an ARP request message for the MAC address. This mechanism allows unauthorized users to send a large number of ARP messages with forged IP addresses to a device. The device tries to forward these messages, but cannot find the required destination MAC addresses. As a result, the device sends a large number of ARP Miss messages to the upper-layer software, causing the CPU to be busy processing ARP Miss messages and unable to process normal services.

To reduce the impact of ARP Miss message processing on the system, the upper-layer software generates a fake ARP entry for the received ARP Miss message and sends the fake ARP entry to the device. In this way, ARP Miss messages of the same IP address are sent only once before the ARP entry ages.

After generating a fake ARP entry, the upper-layer software sends an ARP request message for the correct ARP entry. Upon receiving the correct ARP entry, the upper-layer instructs the device to replace the fake ARP entry with the correct one to ensure traffic forwarding.

After an ARP entry ages, the ARP entry is deleted. When a device fails to find an ARP entry for traffic forwarding, the device again sends an ARP Miss message to the upper-layer and the upper-layer again generates a fake ARP entry to the device.

You can control the frequency at which ARP Miss messages are sent by adjusting the aging time of the fake ARP entry.

Precautions

This command can be run only on the main interface.

If the device does not receive a correct ARP entry before the fake ARP entry ages, messages matching the fake ARP entry will be discarded.

  • On an insecure network, you can set the aging time of fake ARP entries to a large value, reducing the impact of ARP Miss message processing on the device.

  • On a secure network, you can set the aging time of fake ARP entries to a small value, increasing the frequency at which ARP Miss messages are sent and fake ARP entries are refreshed. This can reduce traffic loss.
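The following is an added worked example, not Huawei code and not part of this command reference. It models the mechanism described under Usage Scenario (an ARP Miss installs a fake entry, further packets to the same IP raise no new ARP Miss until the entry ages, and a correct entry replaces the fake one) and makes the trade-off from the Precautions measurable: the same forwarding-plane model is run with expire-time 1s and 10s against a stream of packets whose ARP requests are either never answered or answered only on the second attempt. The ForwardingPlane and simulate names, the millisecond time base, the 1200s aging of learned entries, the 100 ms reply delay and all addresses and packet rates are assumptions constructed for the example.

```python
"""Toy model of ARP Miss handling with fake ARP entries.

Added example, not Huawei code. It follows the behaviour described in the
command reference: an ARP Miss installs a fake entry that suppresses further
misses for the same IP until the entry ages (expire-time), and a later
correct reply replaces the fake entry. Times are integer milliseconds; all
packet rates, delays and the 'unanswered request' rule are constructed inputs.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class ArpEntry:
    mac: Optional[str]   # None marks a fake (unresolved) entry
    expires_ms: int      # time at which the entry ages out and is deleted


@dataclass
class ForwardingPlane:
    expire_ms: int                                  # arp-fake expire-time, in ms
    real_aging_ms: int = 1_200_000                  # assumed aging of learned entries (not on the page)
    table: Dict[str, ArpEntry] = field(default_factory=dict)
    pending: List[Tuple[int, str, int]] = field(default_factory=list)  # (miss_seq, ip, sent_ms)
    miss_count: int = 0                             # ARP Miss messages raised to the upper layer
    forwarded: int = 0
    dropped: int = 0

    def _age(self, now: int) -> None:
        # Aged entries are deleted; the next packet for that IP raises a fresh ARP Miss.
        for ip in [ip for ip, e in self.table.items() if e.expires_ms <= now]:
            del self.table[ip]

    def forward(self, ip: str, now: int) -> bool:
        """Handle one packet to `ip`; return True if forwarded, False if discarded."""
        self._age(now)
        entry = self.table.get(ip)
        if entry is None:
            # No entry: raise ARP Miss once, install a fake entry, and ask for resolution.
            self.miss_count += 1
            self.table[ip] = ArpEntry(mac=None, expires_ms=now + self.expire_ms)
            self.pending.append((self.miss_count, ip, now))
            self.dropped += 1   # assumption: the packet that triggered the miss is not forwarded
            return False
        if entry.mac is None:
            # Fake entry hit: no new ARP Miss; packet discarded until the entry ages or is resolved.
            self.dropped += 1
            return False
        self.forwarded += 1
        return True

    def learn(self, ip: str, mac: str, now: int) -> None:
        """The upper layer delivers the correct entry, replacing the fake one."""
        self.table[ip] = ArpEntry(mac=mac, expires_ms=now + self.real_aging_ms)


def simulate(expire_time_s: int, duration_s: int, pps: int,
             answered_from: Optional[int] = 1, reply_delay_ms: int = 100) -> Dict[str, int]:
    """Send `pps` packets per second to one unresolved IP for `duration_s` seconds.

    Every ARP Miss triggers an ARP request. Requests with sequence number below
    `answered_from` get no reply (an unanswered request, e.g. for an address that
    does not exist); `answered_from=None` means no request is ever answered.
    """
    fp = ForwardingPlane(expire_ms=expire_time_s * 1000)
    ip, mac = "10.0.0.99", "00:11:22:33:44:55"   # constructed sample addresses
    interval_ms = 1000 // pps
    for i in range(duration_s * pps):
        now = i * interval_ms
        # Deliver due ARP replies before handling the packet.
        for req in list(fp.pending):
            seq, rip, sent = req
            if answered_from is None or seq < answered_from:
                fp.pending.remove(req)              # request goes unanswered
            elif now >= sent + reply_delay_ms:
                fp.learn(rip, mac, now)
                fp.pending.remove(req)
        fp.forward(ip, now)
    return {"arp_miss": fp.miss_count, "forwarded": fp.forwarded, "dropped": fp.dropped}


if __name__ == "__main__":
    for expire in (1, 10):
        print(f"expire-time {expire:2d}s, never answered:   ", simulate(expire, 10, 100, answered_from=None))
        print(f"expire-time {expire:2d}s, first request lost:", simulate(expire, 10, 100, answered_from=2))
```

With 100 packets per second for 10 seconds to an address that never resolves, expire-time 1s raises 10 ARP Miss messages and expire-time 10s raises only one, which is the CPU-protection side of the trade-off. When the first ARP request goes unanswered and the second is answered, expire-time 1s loses 110 packets before the entry is resolved, whereas expire-time 10s loses all 1000 because no new request is sent until the fake entry ages; that is the traffic-loss side the Precautions describe.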

Follow-up Procedure

A fake ARP entry prevents ARP Miss messages of the same IP address from being sent repeatedly. The timestamp suppression for ARP Miss messages prevents a large number of ARP Miss messages of different IP addresses from being sent concurrently.

Example

# Set the aging expiry time of fake dynamic ARP entries on GE 1/0/1 to 10s.

<sysname> system-view
[sysname] interface GigabitEthernet 0/0/1
[sysname-GigabitEthernet 0/0/1] arp-fake expire-time 10
Copyright © Huawei Technologies Co., Ltd.