Hi
I am using a network with the following topology:
                       ---------
 ---------  /_________| Router 1|________\  ---------
| Linux   | \          ---------         / | Linux   |
| Machine1|                                | Machine2|
|         | _________\ ---------  /________|         |
 ---------           /| Router 2| \         ---------
                       ---------
I have established an IPsec tunnel between 2 Linux machines and configured my routes such that packets from M1 to M2 go through Router 2 and M2 to M1 through Router 1. I have a TCP session inside the IPsec tunnel. ARP is resolved, tunnels are established and TCP communication is working fine.
ARP resolved in M1 is for Router2
ARP resolved in M2 is for Router1
I read in http://linux.die.net/man/7/arp that ARP refresh is done as below:
base_reachable_time (since Linux 2.2)
Once a neighbor has been found, the entry is considered to be valid for at least a random value between base_reachable_time/2 and 3*base_reachable_time/2.
An entry's validity will be extended if it receives positive feedback from higher level protocols. Defaults to 30 seconds. This file is now obsolete in favor of base_reachable_time_ms.
My base_reachable_time is configured to 400 sec.
In kernel 2.6, since the TCP session is established, I see there is no further ARP sent out even after expiry of base_reachable_time. Even after 30 mins I didn't see an ARP. I assume it is due to this:
An entry's validity will be extended if it receives positive feedback from higher level protocols
In Kernel 3.14, I see ARP packets after refresh time expires even if TCP session is active.
Were there any changes in the kernel for the above behavior?
Which higher-layer protocols can give positive feedback to ARP?
Regards
Nitin
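
One way to observe the behaviour asked about on each machine, as an added example that is not part of the original post: `ip -s neigh show` prints `used U/C/P` per entry (seconds since the entry was last used, confirmed and updated), and the confirmed age can be compared with the validity window quoted from arp(7). The sample lines, addresses and function names below are constructed for illustration.

```python
import re

# Constructed sample of `ip -s neigh show` output (addresses and MACs are made up).
SAMPLE = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 ref 1 used 3/2/1650 probes 1 REACHABLE
192.0.2.2 dev eth0 lladdr 02:00:00:00:00:02 used 410/405/380 probes 1 STALE
192.0.2.3 dev eth1 lladdr 02:00:00:00:00:03 used 900/880/880 probes 4 STALE
192.0.2.4 dev eth1  FAILED
"""

NEIGH_RE = re.compile(
    r"^(?P<ip>\S+) dev (?P<dev>\S+)"
    r"(?: lladdr (?P<lladdr>\S+))?"
    r".*? used (?P<used>\d+)/(?P<confirmed>\d+)/(?P<updated>\d+)"
    r".* (?P<state>[A-Z_]+)$"
)

def parse_neigh(line):
    """Parse one line; return None when the line carries no used/confirmed/updated stats."""
    m = NEIGH_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    for key in ("used", "confirmed", "updated"):
        entry[key] = int(entry[key])
    return entry

def reachable_window(base_reachable_s):
    """arp(7): validity is a random value between base/2 and 3*base/2."""
    return base_reachable_s / 2, 3 * base_reachable_s / 2

def classify(entry, base_reachable_s):
    """Compare the age of the last confirmation with the validity window."""
    low, high = reachable_window(base_reachable_s)
    if entry["confirmed"] < low:
        return "inside minimum validity"
    if entry["confirmed"] <= high:
        return "validity may have expired"
    return "validity expired"

def report(text, base_reachable_s):
    """Return (ip, state, confirmed_age, updated_age, verdict) for each parsable entry."""
    rows = []
    for line in text.splitlines():
        entry = parse_neigh(line)
        if entry:
            rows.append((entry["ip"], entry["state"], entry["confirmed"],
                         entry["updated"], classify(entry, base_reachable_s)))
    return rows

if __name__ == "__main__":
    for row in report(SAMPLE, 400):   # 400 s, the base_reachable_time from the post
        print(row)
```

On a live host, pass the real `ip -s neigh show` output and the interface's value from /proc/sys/net/ipv4/neigh/<dev>/base_reachable_time_ms divided by 1000. An entry whose confirmed age stays small while its updated age keeps growing, like the first constructed line, is being kept valid by confirmation rather than by a fresh ARP exchange.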