How can a Neighbor Cache / ARP Cache update be forced on Server 2008 - adding an IP will not do it, but adding a cluster IP will
An application my team produces makes use of multiple IPs assigned to a single host to provide failover capabilities for our services. Prior to Server 2008, adding a service IP (virtual / floating IP) to a host would result in an update to all of the Neighbor Caches / ARP Caches on the network, including those on the border routers. This allowed machines in other subnets to follow the failover.Microsoft has indicated that this functionality has been removed from Server 2008 and that assigning an IP (manually or via the IP Helper API) will not update Neighbor Caches. Microsoft Clustering, however, does update Neighbor Caches / ARP Caches when it moves the cluster IP address. Looking at the network traffic, the standard IP add now sends out three ARPs with 0.0.0.0 SPA - the border router takes these as Martian Source.When a cluster fails over and adds an IP, we see three ARPs, followed by a GARP. This is the behaviour we used to see on Windows Server 2003, resulting in an update.I am hoping someone can advise me as to what MS Clustering is doing that our product isn't in order to force the Neighbor Cache update on 2008.Please let me know if this is in the wrong forum - I'm not sure if it belongs in Clustering or Networking.
September 10th, 2009 6:30pm

I had the same problem http://social.technet.microsoft.com/Forums/en-US/winserverPN/thread/225327ef-89c8-41fb-8316-175f8718e2da Everytime I add/remove an IP address, I simply ping it a few times from a machine on the same vlan/switch and the IP gets picked up everywhere. But I am still waiting for a real solution as well.
Free Windows Admin Tool Kit Click here and download it now
September 11th, 2009 7:29pm

Hello, Thanks for your post here. From the description, you want to know the reason why the reason the Neighbor Caches is not updated while you add an additional IP address on Windows Server 2008. I think there is some misunderstanding here about the new ARP caching(Neighbor cache) and Duplicate Address Detection behavior (RFC4861) in Windows Vista and later OS. Looking at the network traffic, the standard IP add now sends out three ARPs with 0.0.0.0 SPA - the border router takes these as Martian Source. When a gratuitus ARP is sent by a Windows Vista or Windows Server 2008, the GARP sent to the network has the SPA field in the initial request set to 0.0.0.0. When a gratuitous ARP is received by Windows Vista or Windows Server 2008, these systems will not update their cache with incorrect information 0.0.0.0 (on purpose). This way the ARP or neighbor caches of systems receiving this request are not updated if the IP address is duplicated. When a cluster fails over and adds an IP, we see three ARPs, followed by a GARP. This is the behaviour we used to see on Windows Server 2003, resulting in an update. When adding IP address on cluster (NLB), the cluster service need to contact the all of the node in the cluster for configuration. I think it is a standard ARP request instead of GARP and that makes the difference. Related information for your reference: TCP/IP Networking from the Wire Up http://blogs.technet.com/networking/archive/2009/03/30/tcp-ip-networking-from-the-wire-up.aspx Description of Address Resolution Protocol (ARP) caching behavior in Windows Vista TCP/IP implementations http://support.microsoft.com/kb/949589 Neighbor Discovery for IP version 6 (IPv6) http://tools.ietf.org/html/rfc4861 If you have any questions or concerns, please do not hesitate to let me know.
September 14th, 2009 6:54am

Hi, I just want to check if the information provided was helpful. Ifyou have any feedbackon this issue, please feel free to letus know. We are looking forward to your reply.
Free Windows Admin Tool Kit Click here and download it now
September 28th, 2009 7:54am

Actually I believe the questiion was not answered. The behavior of Windows has been changed in Windows 2008. What used to work in Windows 2003 does not in Windows 2008. The initial question was accurate. If you remove an IP address from nodeA and add the same IP address to nodeB, in the same subnet, then the MAC address has been changed as far as the network is concerned. All clients trying to connect to that IP address can immediately reconnect as long as they are on the same subnet. However, if a client is connected to that IP address from a different subnet via a router, then theconnection is lost. For some reason, Windows 2008 no longer updates the local network of the change in MAC address like Windows 2003 did. The remotely connected clients can sometimes have to wait hours before the network is finally notified of the change to the MAC address. So the question posed initially still stands, "How can a Neighbor Cache / ARP Cache update be forced on Server 2008 - adding an IP will not do it, but adding a cluster IP will". Apparently Windows 2008 ARP (GARP) broadcasts are no longer doing what they did in Windows 2003. Given the global implicationsto most networks, it seems that this change has global consequences. What can we do to ensure that Cluster Server is not the only application that can successfully broadcast a change of MAC addresses?I like eggs
November 13th, 2009 9:00pm

To concur with emc123abc, the original question has not been answered. Windows Server 2008 clients are now unable to benefit from the failover capabilities of many high availability products. When an IP in a clustered system moves to another node and sends a gratuitous arp to update clients Windows Server 2008 clients will not allow this gratuitous arp to update its neighbor cache as it was unsolicited and will see the IP as inaccessible until the arp entry it has times out. There does not appear to be a registry setting to change this behavior.
Free Windows Admin Tool Kit Click here and download it now
December 16th, 2009 2:14am

In pursuing this via other channels, I did receive an answer from Microsoft Clustering via our account representative. There is a mechanism present in MS Clustering which allows a GARP to be sent without the SPA set to 0.0.0.0, which would update a router's cache, however this is not exposed to other applications. The recommendation we were given was to craft an NDIS driver and push out our own GARP with the SPA set whenever we completed asserting an IP address. We implemented this solution using a Microsoft reference driver as our template and successfully tested it. In speaking with other companies working on high-availability / failover systems, this appears to be the same response they're receiving.
December 16th, 2009 2:27am

Thanks Rob...We were aware of this proposed path that MS is offering. We have provided this to some of our customers but are still pursuing a fix that does not require another driver to be installed.
Free Windows Admin Tool Kit Click here and download it now
January 27th, 2010 1:54am

Hi, When migrating 2 servers from windows server 2003 to windows 2008, I have exactly the same problem. We make manual actif/standby configuration using a virtual IP configured on the NIC of the server. Is there a way to make the switch in a 2003-way ? A registry key or something else, but less complicated/tuned than developping a new driver ? Cheers, Xavier.
April 26th, 2010 10:46am

Hi, I have exactly the same problem. Has anybody fixed it with a simple solution? Thanks in advance. With best regards Bernhard
Free Windows Admin Tool Kit Click here and download it now
February 24th, 2011 9:49pm

Windows 2008 R2 and Windows 7 both extended the functionality of the PING command, adding a new option called " -S " (note uppercase letter S). I am wondering if this is the similar functionality as provided by Thomas Habets (mentioned in https://supportforums.cisco.com/thread/345426 see for instance http://www.habets.pp.se/synscan/programs.php?prog=arping). The documentation from Microsoft on the new "-S" option of PING refers to use in IPv6, makes no mention that it also sends a gratuitius ARP in an IPv4 network. We are a customer of a high availabiltiy solution, that vendor is working to develop code to work around the change in GARP behavior from Win2K3 to Win2K8. I want to verify that adding a "PING -S 10.10.0.10 10.10.0.1" will allow the MAC (neighbor) cache to be updated in Win2K8 and network switches attached. This thread has been stale a while, seems like the above is an important footnote if accurate. Thank you.
July 21st, 2011 10:23am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics