How to Force ARP Cache Update for All Neighbors in Linux Network


2 views

During network reconfigurations or MAC address changes, you might encounter situations where other hosts in your subnet maintain stale ARP cache entries. These outdated mappings can cause connectivity issues until the cache naturally expires (typically 60-300 seconds depending on system configuration).

The most reliable method to force ARP updates is using arping with gratuitous ARP packets. This sends unsolicited ARP replies that update neighbors' caches:

sudo arping -c 3 -A -I eth0 192.168.1.100

Where:

- -c 3 sends 3 packets (adjust as needed)

- -A creates ARP REPLY packets instead of requests

- -I eth0 specifies the network interface

- 192.168.1.100 is the IP needing cache updates

For modern Linux systems using iproute2:

sudo ip neigh flush all
sudo ip neigh add 192.168.1.100 lladdr 00:11:22:33:44:55 nud permanent dev eth0
sudo ip neigh change 192.168.1.100 lladdr 00:11:22:33:44:55 nud permanent dev eth0

To specifically target all hosts in the subnet:

sudo arping -c 3 -U -I eth0 192.168.1.100

The -U flag sends unsolicited ARP requests (instead of replies) which causes all hosts to process and update their ARP tables.

Here's a bash script that monitors for MAC changes and triggers updates:

#!/bin/bash
INTERFACE="eth0"
IP_ADDR="192.168.1.100"
OLD_MAC=""

while true; do
    CURRENT_MAC=$(ip link show $INTERFACE | awk '/ether/ {print $2}')
    if [ "$OLD_MAC" != "$CURRENT_MAC" ] && [ -n "$CURRENT_MAC" ]; then
        echo "MAC address changed from $OLD_MAC to $CURRENT_MAC"
        arping -c 5 -A -I $INTERFACE $IP_ADDR
        OLD_MAC="$CURRENT_MAC"
    fi
    sleep 10
done

1. Some network security systems may block gratuitous ARP packets

2. ARP updates won't propagate beyond layer 2 boundaries

3. For virtual IPs (VIPs) in HA clusters, consider using send_arp from the resource-agents package

4. In cloud environments, check provider-specific methods as ARP may be handled differently

In production environments, I've frequently encountered situations where clients maintain stale ARP cache entries even after a server's MAC address changes. This typically occurs during:

  • Network interface replacement
  • Server migration between physical hosts
  • Failover in HA clusters
  • Virtual machine live migration

Linux provides several methods to broadcast updated ARP information:

# Method 1: Using arping (most reliable approach)
sudo arping -c 3 -A -I eth0 192.168.1.100

# Breakdown of flags:
# -c 3: Send 3 packets
# -A: ARP REPLY mode (instead of request)
# -I eth0: Specify interface
# 192.168.1.100: Target IP to announce

For modern Linux distributions using iproute2:

# Method 2: Using ip neigh
sudo ip neigh flush dev eth0
sudo ip neigh add 192.168.1.100 lladdr 00:11:22:33:44:55 nud permanent dev eth0
sudo ip neigh show

For scenarios requiring periodic updates (like during maintenance windows):

#!/bin/bash
# ARP refresh script
INTERFACE="eth0"
IP_ADDRESS="192.168.1.100"
LOGFILE="/var/log/arp_refresh.log"

while true; do
    arping -c 1 -A -I $INTERFACE $IP_ADDRESS >> $LOGFILE 2>&1
    sleep 300  # Run every 5 minutes
done

To confirm the update propagated:

# Check local ARP cache
arp -an

# Verify from another host (requires SSH access)
ssh user@client-host "arp -an | grep 192.168.1.100"
  • Some enterprise switches may block gratuitous ARP packets
  • Cloud environments often have additional ARP handling constraints
  • Always coordinate with network administrators before mass ARP broadcasts