[mirror_iproute2.git] / doc / arpd.sgml

<!doctype linuxdoc system>

<article>

<title>ARPD Daemon
<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
<date>some_negative_number, 20 Sep 2001
<abstract>
<tt/arpd/ is daemon collecting gratuitous ARP information, saving
it on local disk and feeding it to kernel on demand to avoid
redundant broadcasting due to limited size of kernel ARP cache. 
</abstract>


<p><bf/Description/

<p>The format of the command is:

<tscreen><verb>
       arpd OPTIONS [ INTERFACE [ INTERFACE ... ] ]
</verb></tscreen>

<p> <tt/OPTIONS/ are:

<itemize>

<item><tt/-l/ - dump <tt/arpd/ database to stdout and exit. Output consists
of three columns: interface index, IP address and MAC address.
Negative entries for dead hosts are also shown, in this case MAC address
is replaced by word <tt/FAILED/ followed by colon and time when the fact
that host is dead was proven the last time.

<item><tt/-f FILE/  - read and load <tt/arpd/ database from <tt/FILE/
in text format similar dumped by option <tt/-l/. Exit after load,
probably listing resulting database, if option <tt/-l/ is also given.
If <tt/FILE/ is <tt/-/, <tt/stdin/ is read to get ARP table.
 
<item><tt/-b DATABASE/  - location of database file. Default location is
<tt>/var/lib/arpd/arpd.db</tt>.

<item><tt/-a NUMBER/ - <tt/arpd/ not only passively listens ARP on wire, but
also send brodcast queries itself. <tt/NUMBER/ is number of such queries
to make before destination is considered as dead. When <tt/arpd/ is started
as kernel helper (i.e. with <tt/app_solicit/ enabled in <tt/sysctl/
or even with option <tt/-k/) without this option and still did not learn enough
information, you can observe 1 second gaps in service. Not fatal, but
not good.

<item><tt/-k/ - suppress sending broadcast queries by kernel. It takes
sense together with option <tt/-a/.

<item><tt/-n TIME/ - timeout of negative cache. When resolution fails <tt/arpd/
suppresses further attempts to resolve for this period. It makes sense
only together with option <tt/-k/. This timeout should not be too much
longer than boot time of a typical host not supporting gratuitous ARP.
Default value is 60 seconds.

<item><tt/-R RATE/ - maximal steady rate of broadcasts sent by <tt/arpd/
in packets per second. Default value is 1.

<item><tt/-B NUMBER/ - number of broadcasts sent by <tt/arpd/ back to back.
Default value is 3. Together with option <tt/-R/ this option allows
to police broadcasting not to exceed <tt/B+R*T/ over any interval
of time <tt/T/.

</itemize>

<p><tt/INTERFACE/ is name of networking inteface to watch.
If no interfaces given, <tt/arpd/ monitors all the interfaces.
In this case <tt/arpd/ does not adjust <tt/sysctl/ parameters,
it is supposed user does this himself after <tt/arpd/ is started.


<p> Signals

<p> <tt/arpd/ exits gracefully syncing database and restoring adjusted
<tt/sysctl/ parameters, when receives <tt/SIGINT/ or <tt/SIGTERM/.
<tt/SIGHUP/ syncs database to disk. <tt/SIGUSR1/ sends some statistics
to <tt/syslog/. Effect of another signals is undefined, they may corrupt
database and leave <tt/sysctl/ parameters in an unpredictable state.

<p> Note

<p> In order to <tt/arpd/ be able to serve as ARP resolver, kernel must be
compiled with the option <tt/CONFIG_ARPD/ and, in the case when interface list
is not given on command line, variable <tt/app_solicit/
on interfaces of interest should be set in <tt>/proc/sys/net/ipv4/neigh/*</tt>.
If this is not made <tt/arpd/ still collects gratuitous ARP information
in its database.

<p> Examples

<enum>
<item> Start <tt/arpd/ to collect gratuitous ARP, but not messing
with kernel functionality:

<tscreen><verb>
   arpd -b /var/tmp/arpd.db
</verb></tscreen>

<item> Look at result after some time:

<tscreen><verb>
   killall arpd
   arpd -l -b /var/tmp/arpd.db
</verb></tscreen>

<item> To enable kernel helper, leaving leading role to kernel:

<tscreen><verb>
   arpd -b /var/tmp/arpd.db -a 1 eth0 eth1
</verb></tscreen>

<item> Completely replace kernel resolution on interfaces <tt/eth0/
and <tt/eth1/. In this case kernel still does unicast probing to
validate entries, but all the broadcast activity is suppressed
and made under authority of <tt/arpd/: 

<tscreen><verb>
   arpd -b /var/tmp/arpd.db -a 3 -k eth0 eth1
</verb></tscreen>

This is mode which <tt/arpd/ is supposed to work normally.
It is not default just to prevent occasional enabling of too aggressive
mode occasionally.

</enum>

</article>
Commit	Line	Data
aba5acdf SH	1	<!doctype linuxdoc system>
	2
	3	<article>
	4
	5	<title>ARPD Daemon
	6	<author>Alexey Kuznetsov, <tt/kuznet@ms2.inr.ac.ru/
	7	<date>some_negative_number, 20 Sep 2001
	8	<abstract>
	9	<tt/arpd/ is daemon collecting gratuitous ARP information, saving
	10	it on local disk and feeding it to kernel on demand to avoid
	11	redundant broadcasting due to limited size of kernel ARP cache.
	12	</abstract>
	13
	14
	15	<p><bf/Description/
	16
	17	<p>The format of the command is:
	18
	19	<tscreen><verb>
	20	arpd OPTIONS [ INTERFACE [ INTERFACE ... ] ]
	21	</verb></tscreen>
	22
	23	<p> <tt/OPTIONS/ are:
	24
	25	<itemize>
	26
	27	<item><tt/-l/ - dump <tt/arpd/ database to stdout and exit. Output consists
	28	of three columns: interface index, IP address and MAC address.
	29	Negative entries for dead hosts are also shown, in this case MAC address
	30	is replaced by word <tt/FAILED/ followed by colon and time when the fact
	31	that host is dead was proven the last time.
	32
	33	<item><tt/-f FILE/ - read and load <tt/arpd/ database from <tt/FILE/
	34	in text format similar dumped by option <tt/-l/. Exit after load,
	35	probably listing resulting database, if option <tt/-l/ is also given.
	36	If <tt/FILE/ is <tt/-/, <tt/stdin/ is read to get ARP table.
	37
	38	<item><tt/-b DATABASE/ - location of database file. Default location is
	39	<tt>/var/lib/arpd/arpd.db</tt>.
	40
	41	<item><tt/-a NUMBER/ - <tt/arpd/ not only passively listens ARP on wire, but
	42	also send brodcast queries itself. <tt/NUMBER/ is number of such queries
	43	to make before destination is considered as dead. When <tt/arpd/ is started
	44	as kernel helper (i.e. with <tt/app_solicit/ enabled in <tt/sysctl/
	45	or even with option <tt/-k/) without this option and still did not learn enough
	46	information, you can observe 1 second gaps in service. Not fatal, but
	47	not good.
	48
	49	<item><tt/-k/ - suppress sending broadcast queries by kernel. It takes
	50	sense together with option <tt/-a/.
	51
	52	<item><tt/-n TIME/ - timeout of negative cache. When resolution fails <tt/arpd/
	53	suppresses further attempts to resolve for this period. It makes sense
	54	only together with option <tt/-k/. This timeout should not be too much
	55	longer than boot time of a typical host not supporting gratuitous ARP.
	56	Default value is 60 seconds.
	57
	58	<item><tt/-R RATE/ - maximal steady rate of broadcasts sent by <tt/arpd/
	59	in packets per second. Default value is 1.
	60
	61	<item><tt/-B NUMBER/ - number of broadcasts sent by <tt/arpd/ back to back.
	62	Default value is 3. Together with option <tt/-R/ this option allows
	63	to police broadcasting not to exceed <tt/B+R*T/ over any interval
	64	of time <tt/T/.
65
66	</itemize>
67
68	<p><tt/INTERFACE/ is name of networking inteface to watch.
69	If no interfaces given, <tt/arpd/ monitors all the interfaces.
70	In this case <tt/arpd/ does not adjust <tt/sysctl/ parameters,
71	it is supposed user does this himself after <tt/arpd/ is started.
72
73
74	<p> Signals
75
76	<p> <tt/arpd/ exits gracefully syncing database and restoring adjusted
77	<tt/sysctl/ parameters, when receives <tt/SIGINT/ or <tt/SIGTERM/.
78	<tt/SIGHUP/ syncs database to disk. <tt/SIGUSR1/ sends some statistics
79	to <tt/syslog/. Effect of another signals is undefined, they may corrupt
80	database and leave <tt/sysctl/ parameters in an unpredictable state.
81
82	<p> Note
83
84	<p> In order to <tt/arpd/ be able to serve as ARP resolver, kernel must be
85	compiled with the option <tt/CONFIG_ARPD/ and, in the case when interface list
86	is not given on command line, variable <tt/app_solicit/
87	on interfaces of interest should be set in <tt>/proc/sys/net/ipv4/neigh/*</tt>.
88	If this is not made <tt/arpd/ still collects gratuitous ARP information
89	in its database.
90
91	<p> Examples
92
93	<enum>
94	<item> Start <tt/arpd/ to collect gratuitous ARP, but not messing
95	with kernel functionality:
96
97	<tscreen><verb>
98	arpd -b /var/tmp/arpd.db
99	</verb></tscreen>
100
101	<item> Look at result after some time:
102
103	<tscreen><verb>
104	killall arpd
105	arpd -l -b /var/tmp/arpd.db
106	</verb></tscreen>
107
108	<item> To enable kernel helper, leaving leading role to kernel:
109
110	<tscreen><verb>
111	arpd -b /var/tmp/arpd.db -a 1 eth0 eth1
112	</verb></tscreen>
113
114	<item> Completely replace kernel resolution on interfaces <tt/eth0/
115	and <tt/eth1/. In this case kernel still does unicast probing to
116	validate entries, but all the broadcast activity is suppressed
117	and made under authority of <tt/arpd/:
118
119	<tscreen><verb>
120	arpd -b /var/tmp/arpd.db -a 3 -k eth0 eth1
121	</verb></tscreen>
122
123	This is mode which <tt/arpd/ is supposed to work normally.
124	It is not default just to prevent occasional enabling of too aggressive
125	mode occasionally.
126
127	</enum>
128
129	</article>
130