Wednesday 15 October 2014

IP address conflict and its detection

We have an IP network, with devices getting their IP address from DHCP server. A problem could arise when a device is off the network, then reconnect to the network, and its IP address is the same as other device which has just joined the network. This could be due to DHCP server thinks that the DHCP lease has expired, but the device doesn't. This is a problem of IP address conflict.

To detect IP address conflict, we can use two methods

1) ARP probe: It is an ARP request. The sending device fills the source MAC address with the hardware address of its interface, and the source IP address must be all ZEROes. The destination MAC address should be all ZEROes. The destination IP address is the address being probe. If the sending device receives any ARP on the interface where probe is being performed, where the packet's source IP is the IP being probed for, then this IP is used by other host. So it is an IP conflict.

2) Gratuitous ARP: It could mean both gratuitous ARP request or gratuitous ARP reply. Gratuitous in this case means a request/reply is not required, but could be used in some cases. In a gratuitous ARP request,  the source and destination IP are both set to the IP of the device issuing the packet, and the destination MAC is the broadcast address ff:ff:ff:ff:ff:ff. Ordinarily, no reply packet will occur. A gratuitous ARP reply is a reply to which no request has been made. When a device receives an ARP request containing a source IP that matches its own, then it knows there is an IP conflict.