How can a Neighbor Cache / ARP Cache update be forced on Server 2008 - adding an IP will not do it, but adding a cluster IP will

    Question

  • An application my team produces makes use of multiple IPs assigned to a single host to provide failover capabilities for our services. Prior to Server 2008, adding a service IP (virtual / floating IP) to a host would result in an update to all of the Neighbor Caches / ARP Caches on the network, including those on the border routers. This allowed machines in other subnets to follow the failover.

    Microsoft has indicated that this functionality has been removed from Server 2008 and that assigning an IP (manually or via the IP Helper API) will not update Neighbor Caches.

    Microsoft Clustering, however, does update Neighbor Caches / ARP Caches when it moves the cluster IP address.

    Looking at the network traffic, the standard IP add now sends out three ARPs with 0.0.0.0 SPA - the border router takes these as Martian Source.

    When a cluster fails over and adds an IP, we see three ARPs, followed by a GARP. This is the behaviour we used to see on Windows Server 2003, resulting in an update.

    I am hoping someone can advise me as to what MS Clustering is doing that our product isn't in order to force the Neighbor Cache update on 2008.

    Please let me know if this is in the wrong forum - I'm not sure if it belongs in Clustering or Networking.

    Thursday, September 10, 2009 3:30 PM

Answers

  • Hello,

     

    Thanks for your post here.

     

    From the description, you want to know the reason why the Neighbor Caches are not updated while you add an additional IP address on Windows Server 2008.

     

    I think there is some misunderstanding here about the new ARP caching (Neighbor cache) and Duplicate Address Detection behavior (RFC4861) in Windows Vista and later OS.

     

    Looking at the network traffic, the standard IP add now sends out three ARPs with 0.0.0.0 SPA - the border router takes these as Martian Source.

     

    When a gratuitous ARP is sent by Windows Vista or Windows Server 2008, the GARP sent to the network has the SPA field in the initial request set to 0.0.0.0. When a gratuitous ARP is received by Windows Vista or Windows Server 2008, these systems will not update their cache with incorrect information 0.0.0.0 (on purpose). This way the ARP or neighbor caches of systems receiving this request are not updated if the IP address is duplicated.

     

     


     

     

    When a cluster fails over and adds an IP, we see three ARPs, followed by a GARP. This is the behaviour we used to see on Windows Server 2003, resulting in an update.

     

    When adding an IP address on a cluster (NLB), the cluster service needs to contact all of the nodes in the cluster for configuration. I think it is a standard ARP request instead of GARP and that makes the difference.

     

    Related information for your reference:

     

    TCP/IP Networking from the Wire Up

    http://blogs.technet.com/networking/archive/2009/03/30/tcp-ip-networking-from-the-wire-up.aspx

     

    Description of Address Resolution Protocol (ARP) caching behavior in Windows Vista TCP/IP implementations

    http://support.microsoft.com/kb/949589

     

    Neighbor Discovery for IP version 6 (IPv6)

    http://tools.ietf.org/html/rfc4861

     

    If you have any questions or concerns, please do not hesitate to let me know.

    Monday, September 14, 2009 3:54 AM
    Moderator

All replies

  • I had the same problem

    http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/225327ef-89c8-41fb-8316-175f8718e2da

    Every time I add/remove an IP address, I simply ping it a few times from a machine on the same vlan/switch and the IP gets picked up everywhere.

    But I am still waiting for a real solution as well.
    Friday, September 11, 2009 4:29 PM
  • Hi,

     

    I just want to check if the information provided was helpful. If you have any feedback on this issue, please feel free to let us know.

     

    We are looking forward to your reply.

    Monday, September 28, 2009 4:54 AM
    Moderator
  • Actually I believe the question was not answered.  The behavior of Windows has been changed in Windows 2008.  What used to work in Windows 2003 does not in Windows 2008.  The initial question was accurate.  If you remove an IP address from nodeA and add the same IP address to nodeB, in the same subnet, then the MAC address has been changed as far as the network is concerned.  All clients trying to connect to that IP address can immediately reconnect as long as they are on the same subnet.  However, if a client is connected to that IP address from a different subnet via a router, then the connection is lost.  For some reason, Windows 2008 no longer updates the local network of the change in MAC address like Windows 2003 did.  The remotely connected clients can sometimes have to wait hours before the network is finally notified of the change to the MAC address.  So the question posed initially still stands, "How can a Neighbor Cache / ARP Cache update be forced on Server 2008 - adding an IP will not do it, but adding a cluster IP will".  Apparently Windows 2008 ARP (GARP) broadcasts are no longer doing what they did in Windows 2003.  Given the global implications to most networks, it seems that this change has global consequences.  What can we do to ensure that Cluster Server is not the only application that can successfully broadcast a change of MAC addresses?
    I like eggs
    Friday, November 13, 2009 6:00 PM
  • To concur with emc123abc, the original question has not been answered. Windows Server 2008 clients are now unable to benefit from the failover capabilities of many high availability products. When an IP in a clustered system moves to another node and sends a gratuitous ARP to update clients, Windows Server 2008 clients will not allow this gratuitous ARP to update their neighbor cache as it was unsolicited and will see the IP as inaccessible until the ARP entry they have times out. There does not appear to be a registry setting to change this behavior.
    Tuesday, December 15, 2009 11:14 PM
  • In pursuing this via other channels, I did receive an answer from Microsoft Clustering via our account representative. There is a mechanism present in MS Clustering which allows a GARP to be sent without the SPA set to 0.0.0.0, which would update a router's cache; however, this is not exposed to other applications. The recommendation we were given was to craft an NDIS driver and push out our own GARP with the SPA set whenever we completed asserting an IP address. We implemented this solution using a Microsoft reference driver as our template and successfully tested it.

    In speaking with other companies working on high-availability / failover systems, this appears to be the same response they're receiving.
    Tuesday, December 15, 2009 11:27 PM
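
Added example, not part of the original thread or any poster's code: a Python classifier for captured ARP frames that separates the probes with SPA 0.0.0.0 from a gratuitous ARP with the SPA set, so a capture taken during a failover can be checked for the frame this thread reports as updating the router. The frames, the MAC address 00:11:22:33:44:55 and the address 10.10.0.10 are constructed samples, and the function names are hypothetical.

```python
import socket
import struct

def parse_arp(frame: bytes):
    """Parse an untagged Ethernet frame; return ARP fields or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"oper": oper, "sha": sha.hex(":"),
            "spa": socket.inet_ntoa(spa), "tpa": socket.inet_ntoa(tpa)}

def classify(frame: bytes) -> str:
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["spa"] == "0.0.0.0":
        return "probe"        # no sender IP, so no IP-to-MAC binding to learn
    if arp["spa"] == arp["tpa"]:
        return "gratuitous"   # sender announces its own IP together with its MAC
    return "request" if arp["oper"] == 1 else "reply"

def failover_announced(frames, vip: str) -> bool:
    """True if any frame is a gratuitous ARP whose SPA is the moved address."""
    for f in frames:
        if classify(f) == "gratuitous" and parse_arp(f)["spa"] == vip:
            return True
    return False

# Constructed sample frames (broadcast, sender MAC 00:11:22:33:44:55).
_HDR = "ffffffffffff" "001122334455" "0806" "0001" "0800" "0604" "0001" "001122334455"
PROBE = bytes.fromhex(_HDR + "00000000" + "000000000000" + "0a0a000a")
GARP = bytes.fromhex(_HDR + "0a0a000a" + "000000000000" + "0a0a000a")

if __name__ == "__main__":
    plain_add = [PROBE] * 3             # pattern reported for a standard IP add
    cluster_add = [PROBE] * 3 + [GARP]  # pattern reported for a cluster failover
    for name, cap in (("standard add", plain_add), ("cluster add", cluster_add)):
        print(name, [classify(f) for f in cap], failover_announced(cap, "10.10.0.10"))
```
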
  • Thanks Rob...We were aware of this proposed path that MS is offering.  We have provided this to some of our customers but are still pursuing a fix that does not require another driver to be installed.
    Tuesday, January 26, 2010 10:54 PM
  • Hi,

    When migrating 2 servers from Windows Server 2003 to Windows 2008, I have exactly the same problem.

    We make a manual active/standby configuration using a virtual IP configured on the NIC of the server.

    Is there a way to make the switch in a 2003 way? A registry key or something else, but less complicated/tuned than developing a new driver?

    Cheers,

     

    Xavier.

    Monday, April 26, 2010 7:46 AM
  • Hi,

    I have exactly the same problem. Has anybody fixed it with a simple solution?

    Thanks in advance.

     

    With best regards

    Bernhard

    Thursday, February 24, 2011 6:49 PM
  • Windows 2008 R2 and Windows 7 both extended the functionality of the PING command, adding a new option called " -S " (note uppercase letter S). I am wondering if this is the similar functionality as provided by Thomas Habets (mentioned in https://supportforums.cisco.com/thread/345426 see for instance http://www.habets.pp.se/synscan/programs.php?prog=arping).

    The documentation from Microsoft on the new "-S" option of PING refers to use in IPv6 and makes no mention that it also sends a gratuitous ARP in an IPv4 network.

    We are a customer of a high availability solution; that vendor is working to develop code to work around the change in GARP behavior from Win2K3 to Win2K8. I want to verify that adding a "PING -S 10.10.0.10 10.10.0.1" will allow the MAC (neighbor) cache to be updated in Win2K8 and network switches attached.

    This thread has been stale a while, seems like the above is an important footnote if accurate.

    Thank you.

     

     

    Thursday, July 21, 2011 2:17 PM