Detection of IP Address Conflicts

From R81, the Gaia Operating System detects IPv4 address conflicts - if a different device on a directly connected network uses an IPv4 address that belongs to one of the Gaia interfaces.

Example: Gaia interface eth1 has the IPv4 address 10.1.1.1, and some other device on the network connected to eth1 uses the same IPv4 address 10.1.1.1. The device causes an IP address conflict.

Best Practice - Enable this feature only for interfaces connected to your internal networks. If you enable this feature for all interfaces, or for interfaces connected to external networks, this feature generates too many log messages in the /var/log/messages file.

Important - The detection of IP address conflicts:

  • Is disabled by default.

  • Supports only interfaces with an assigned IPv4 address and with the state "on" ("enabled").

  • Is configured only in Gaia Clish.

Configuration in Gaia Clish

Important:

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must run the applicable commands in Gaia gClish of the applicable Security Group.

Syntax

show ip-conflicts-monitor

      interfaces

      state

set ip-conflicts-monitor

      interface {all | <Name of Interface>}

      state {off | on}

delete ip-conflicts-monitor

      interface {all | <Name of Interface>}

Important - After you add, configure, or delete features, run the "save config" command to save the settings permanently. Scalable Platforms save the changes automatically.

Parameters

Command

Description

set ip-conflicts-monitor interface {all | <Name of Interface>}

Specifies the interfaces, on which Gaia monitors for :

  • all

    Detect IP address conflicts (duplicate IP addresses) on all supported interfaces.

  • <Name of Interface>

    Detect IP address conflicts on the specified interface only

    You can run this command for each applicable interface.

    Warning - If previously you configured "set ip-conflicts-monitor interface all", then to configure monitoring on a specific interface, you must run:

    1. delete ip-conflicts-monitor interface all

    2. set ip-conflicts-monitor interface <Name of Interface>

set ip-conflicts-monitor state {off | on}

Enables (on) and disables (off) the feature.

show ip-conflicts-monitor interfaces

Shows the interfaces, on which Gaia detects IP address conflicts.

show ip-conflicts-monitor state

Shows the current state of the feature (off or on).

delete ip-conflicts-monitor interfaces {all | <Name of Interface>}

Specifies the interfaces, on which Gaia stops to detect IP address conflicts:

  • all

    Stop to detect IP address conflicts on all supported interfaces

  • <Name of Interface>

    Stop to detect IP address conflicts on the specified interfaces only

gaia> show ip-conflicts-monitor state

IP conflict monitoring Disabled

gaia> set ip-conflicts-monitor interface eth2

gaia> set ip-conflicts-monitor on

gaia> show ip-conflicts-monitor state

IP conflict monitoring Enabled

gaia> show ip-conflicts-monitor interfaces

Monitored Interfaces: eth2

Log Messages

After you enable and configure this feature, it generates one of these messages in the /var/log/messages file:

Log Message

Description

new station

Gaia detected a new MAC address on a directly connected network and a new IP address is assigned to that MAC address.

changed ethernet address

Gaia detected that an IP address stored in the binding database is assigned to a new MAC address on a directly connected network.

flip flop

The second recent binding of a MAC address to an IP address is currently the most recent binding in the binding database.

This potentially indicates an IP address conflict on the network.

reused old ethernet address

The third (or older) recent binding of a MAC address to an IP address is currently the most recent binding in the binding database.

This very likely indicates a 3-way (or greater) IP address conflict.

To see the applicable log messages:

Step

Instructions

1

Connect to the command line.

2

Log in to the Expert mode.

3

Run:

grep "arpwatch:" /var/log/messages*

Example:

[Expert@MyGaia:0]# grep "arpwatch:" /var/log/messages*
Aug  3 19:23:16 2020 MyGaia arpwatch: listening on eth0
Aug  3 19:23:16 2020 MyGaia arpwatch: new station 192.168.3.51 00:50:56:a3:73:26
Aug  3 19:23:17 2020 MyGaia arpwatch: new station 192.168.3.29 00:50:56:a3:68:60
... ... (truncated for brevity) ... ...
[Expert@MyGaia:0]#

Additional Information

  • The detection of IP address conflicts is based on the Linux arpwatch tool.

  • When you enable this feature, Gaia runs the /bin/arpwatch_launcher daemon. This daemon is responsible to run the /etc/rc.d/init.d/arpwatch service.

  • Gaia saves the applicable configuration in the Gaia database and in the /etc/sysconfig/arpwatch file.

    Gaia generates the /etc/sysconfig/arpwatch file automatically.

  • Gaia saves the MAC-to-IP address binding information in the /var/lib/arpwatch/arp.dat.<Name of Interface> file.

    The information includes:

    • The detected MAC address

    • The IP address assigned to that MAC address

    • The time of detection (in Unix epoch format)

    It can take several minutes for Gaia to populate this database.