moving ip addresses to another device without downtime: scenarios


For the impatient: arpsend !

We all know the problem: you replace a firewall with another model, correctly configure everything and lose connectivity.

After a few hours, things automagically start working again.

You may also know the reason: the upstream router has an entry in its arp cache, incorrectly linking the ip address you’re trying to reach with the mac address of the old network card.

possible reasons this may happen:

  • replacing a firewall with a new/other model.
  • moving an ip address to another network card on the same firewall (note: you will not have the issue with secondary ip’s as the ethernet address won’t change in this case).
  • Replacing a broken network card in a firewall
  • moving an ip address to another device, while keeping the existing device up and running

Now you may also know the solution. Easy: get rid of the old arp entry. Then, a new arp request will be sent by the upstream router and the new mac address will get sent in reply.

So, logically, you would clear or delete the arp entry in the upstream router. Problem: when this is the provider’s router, you cannot access it.

There are a few ways to go about this…

First, the basic, logical way:

  • call the provider and get them to delete the offending arp entry. Could be tricky as you will have to cross the first line helpdesk and they may not have the correct procedure…

Next, you could take action yourself, although there is a difference between action, correct action and efficient action.

  • reboot the router.
  • remove the ethernet cable (pointing to your firewall) from the router’s network card

Both these actions would cause the arp cache (or at least part of it) to be reset. Both actions will also cause some amount of downtime, not to mention the risk of losing access to the device while administering it remotely.

Now for the more interesting actions… The typical way to handle this issue is “the gratuitous arp”.

Clustered systems (depending on the used clustering mechanism) use this as a feature instead of as a defect.

When an active/passive system needs to fail over, the ip addresses need to be moved to the other node. This is more or less the same scenario as before: the addresses will be moved, but then the arp cache of the upstream router needs to be updated IMMEDIATELY or clients will lose connectivity (undermining the idea of a cluster of course).

This is typically done by sending a gratuitous arp.

The idea is to send an arp packet (best to send both a reply and a request due to the way the router os could handle these packets).

A typical arp process would be:

1) device a wants to send data to device b. it determines device b is on the same subnet so no routers need to be crossed. It therefore sends out a request for the mac address of device b. This packet is broadcast (keep in mind arp is a layer-II protocol so this is not an ip but a layer-2 broadcast) and contains: my ip = XYZ, my mac address is 123, I’m looking for IP ABC.

2) device b picks up on the broadcast and says: I need to reply. It sends a reply with: my ip = ABC, my mac address = 456, destination mac address is 123, destination IP = XYZ. As a bonus, device b will put the mac address and ip of device a in its arp cache for future use.

3) device a receives the reply and puts the information ‘ip address ABC is at mac address 456’ in its local arp cache.

for subsequent requests, it will consult its local cache.

but the experts can explain this much clearer: click.

So the question is: when do we time out the entry in the local arp cache? This is of course both operating system-dependent and tunable.

Now, how to update a neighbour’s arp cache to reflect a changed ip <-> mac binding on a local device?

We could send a gratuitous arp. This can be sent to a certain mac address (or can be broadcast to update all neighbours) and you would put both the source and destination mac address to the same data: the mac address of your local device.

Neighbours will see this packet and update their arp caches.
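To make the packet layout from the arp walk-through above and the gratuitous variant concrete, here is an added example (not code from the original post, and not the arpsend tool itself) that builds the Ethernet + arp frame byte for byte and parses it back. It only constructs and decodes frames; the MAC and 192.0.2.x addresses in the test are made up, and the “target mac = own mac, target ip = own ip” layout follows the description above.

```python
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806            # EtherType for ARP
ARP_REQUEST, ARP_REPLY = 1, 2  # ARP opcodes
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def _mac(s):
    return bytes.fromhex(s.replace(":", "").replace("-", ""))

def _mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_gratuitous_arp(mac, ip, opcode=ARP_REPLY, dst_mac=BROADCAST_MAC):
    """Return an Ethernet frame carrying a gratuitous ARP announcing (mac, ip).

    Sender and target protocol addresses are both `ip`, and the target
    hardware address is the announcing MAC as well (the layout the post
    describes). dst_mac picks one neighbour (e.g. the upstream router) or
    the broadcast address; opcode lets you emit a reply or a request.
    """
    sha = _mac(mac)
    spa = IPv4Address(ip).packed
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, opcode,  # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                      sha, spa, sha, spa)       # sender mac/ip, target mac/ip
    eth = _mac(dst_mac) + sha + struct.pack("!H", ETH_P_ARP)
    return eth + arp

def parse_arp(frame):
    """Decode an Ethernet+ARP frame into a dict; raises on non-ARP input."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError(f"not an ARP frame: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"eth_dst": _mac_str(eth_dst), "eth_src": _mac_str(eth_src), "op": op,
            "sha": _mac_str(sha), "spa": str(IPv4Address(spa)),
            "tha": _mac_str(tha), "tpa": str(IPv4Address(tpa))}

def is_gratuitous(info):
    """A gratuitous ARP announces its own binding: sender ip == target ip."""
    return info["spa"] == info["tpa"]
```

Comparing `sha`/`spa` of parsed frames against a known-good table is also how a monitoring host spots an unexpected ip <-> mac change on the segment.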

This is what you would typically do.

This requires of course accessibility to both local devices (the old one and the new one) AND the possibility to send a gratuitous arp at all.

Usually this is done with the arping command, linux or bsd systems should have it onboard.

But what if one of these devices is no longer accessible OR does not have the arping command?

Here it becomes interesting.

Some possible solutions…

  1. You might think: do I not have a tool which allows me to craft custom packets? Like netcat ?
    Unfortunately netcat only does tcp or udp…
  2. You might decide to send a ping from the new device, sourcing the ping from your moved IP. On cisco firewalls for example, you can not do this by default, but you CAN send a TCP ping.
    Unfortunately, devices like an ASA do not allow you to configure secondary ip’s (strangely enough) and use proxy arp for adding ip’s for incoming services. So no luck..
  3. I could install a system which does support an arping-like command, patch it into the same subnet, spoof the network card’s mac address with the mac address of the new interface/device and send the gratuitous arp from there.
    This would however cause a duplicate mac address which is always something to avoid…

So what we need is a netcat-like tool but it needs to operate on both layer-II and layer-III. If we had this, we could just send the gratuitous arp, hand-craft all the required fields (source mac and IP) and send this custom-made gratuitous arp out to the upstream router, all without causing downtime on any level.

Enter arpsend !

It will get the ip moved smoothly without any downtime and with the ability to update only select devices, or broadcast it out to the entire local subnet. There’s even a switch to allow you to send both replies and requests, maximizing your chances of success!



Ubuntu Linux under vmware: network interfaces

I’m quite busy with VMware these days. I actually believe VMware’s dogma “the virtual machine is more robust and qualitatively better than the physical machine” is correct.

However, after installing two VM’s running Ubuntu Linux to do some failover testing, I noticed something odd about the numbering of the network interfaces. Good old eth0 was missing. Instead, there was an eth1 present…

Now I had this issue in the past, but always worked around it by just using eth1 instead of eth0. But maybe it would be better to find out about this and fix it “the right way”.

The problem is caused by the copying of the virtual machines. I have a VM template which I use as a base image. I then copy and customise this image when I need to implement new VM’s. The process goes like this: Read more »

Cover art resizing

One of the more heated debates involving audio tags is: do you organize your files using one directory for every album and put the cover art into a single file into that album (‘folder.jpg’) or do you embed the cover art into the tags of each and every file? Myself, I embed it into all files.

  • the cover art is always with the file, no matter where I copy it to
  • I do not have to put every album into one folder
  • what about single files? You have to embed the art then since creating a folder for one single file seems…strange.


Digital audio players: iTunes


Note: this article was originally posted on April 11th, 2007. Some of the mentioned extensions are no longer compatible with later iTunes versions.


ITunes is Apple’s audio player with versions for both Mac and PC. You can say a lot of things about it:

  • It always seems to ‘know better’
  • It is limited in supported playback formats
  • It feels a bit slow

Yet, : Read more »

I am…(personality tests)

Rum And Monkey

The guys at Rum and Monkey allow you to do a few ‘personality tests’. Do not take them seriously 🙂

I'm John Kerry!
Which Presidential Candidate Are You? Read more »

My Audioscrobbler (last.fm) profile

Somehow I seem to have stopped using this service but nevertheless, here it is:

My Audioscrobbler profile

MP3 compression settings

A lot of misconceptions exist about audio compression. Bear in mind that the whole idea behind it is to store digital audio but not have it take up too much space on your hard drive. Uncompressed audio is in wav format. You can compress it in 2 ways:

  • Lossless compression: no information is lost, compression is about 50%.
  • Lossy compression: the codec used tries to determine parts of the file you won’t be able to hear anyway and throws them away. The rest is compressed. Compression is determined by either the bitrate you want to give or the quality you want to give. Compression depends upon the bitrate used but can typically be around 80% while staying transparent.

So, no codec (mp3, ogg, aac, …) can ever be said to provide better or worse sound quality. What can be said is that different codecs need a different bitrate (and so, file size) to reach the same quality.

We’ll be compressing lossy. mp3 is an old codec and in theory newer ones such as aac should need a lower bitrate to get the same quality. However, when using the lame mp3 encoder you have an encoder which has excellent tuning. The advantage of using mp3 is that it’s universally supported on all devices. (indeed, most people think about mp3’s when talking about digital audio.) Also note that a song encoded with the same bitrate but by different encoders may have a very different quality for different encodings. When encoding to mp3 and if quality is the goal (instead of speed) always use lame! So, MP3 is what we’ll be using here… Read more »

Tagging audio files

There are a few ways I can think of for an audio player to show you all relevant information (artist, title, release year, …) about an audio file.

  • derive it on-the-fly from the filename.
    • disadvantages:
      • only a limited amount of fields can be entered before file names become too long
      • changing a field would require you to rename the file, which will make programs no longer find the file.
      • you need to take care when naming your files, changing your filename format afterwards may be difficult.
    • advantages:
      • ummmm…not sure…
  • derive it from metadata added to the file.
    • disadvantages:
      • a lot of fields are standardized, but some are not. (album artist anyone?)
      • file becomes (only slightly) bigger
    • advantages:
      • very flexible: you can add fields whenever you want


I Want To Call You My Bitch


I was listening to the radio today and heard this song…which seemed to consist of only 10 words…(and that’s making an effort since I’m counting the word ‘I’ and am counting “you’re” as 2 words…)
Intrigued, I looked up the lyrics and for sure, there it was:

Dave Mccullen – Bitch

I just like to call
I just like to call
I just like to call
I just like to call
I just like to call
I just like to call
I just like to call  

I just like to call you my bitch Read more »

Pictures New Year 2004

Pictures of New Year 2004 can be browsed here