Forum Discussion

Andrew_Lagomar1
Jun 09, 2016

BIG-IP LTM Dynamic ARP Table Visibility

I am trying to audit my LTM virtual server vlan arp cache because we are looking for servers that were erroneously added to this vlan. However, I did notice while in tmsh 'net arp' I can only see external hosts to the LTM if I ping them (obviously), BUT it never lists the LTM virtual servers in this same cache.

I cannot check our switch arp table because it is only a layer 2 pass through and the F5 is the gateway for this virtual server vlan.

I am trying to avoid pinging 253 unique IP addresses across six vlans and hoping to find another way to get this information or at the very least script a ping sweep, where I can edit the network ID (10.10.X.0/24).

Thanks

1 Reply

  • The ARP protocol is used to resolve layer-3 addresses to layer-2 addresses. Since the LTM never needs to ask this question for directly connected interfaces, those will not be present in the table.

    You could try pinging the broadcast address (make sure you use -b), or the multicast 'all hosts' address (224.0.0.1) to elicit traffic from other devices.

    Alternatively, use a Linux device connected to the same subnet and run nmap 10.0.0.1-255 (adjust for whatever your subnet is).

    And if you can't do that, script it:

    for i in {1..254} ; do ping -W1 -c1 10.0.0.$i ; done ; arp -na
    

    With a 1-second timeout (-W1), that will take a little over 4 minutes.
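
An added example, not part of the original thread: the sweep above parameterised on the third octet of the question's 10.10.X.0/24 networks, run in parallel, with the resulting ARP cache compared against a list of expected hosts. It assumes Linux net-tools `arp -na` output; the inventory file (one IP per line) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: parameterised sweep plus ARP-cache audit.
# Assumes iputils `ping` and Linux net-tools `arp -na` output.

# Ping every host in 10.10.<octet>.0/24 in parallel so the 1-second
# timeouts overlap instead of adding up.
sweep_vlan() {
  local prefix="10.10.$1" i
  for i in $(seq 1 254); do
    ping -W1 -c1 "$prefix.$i" >/dev/null 2>&1 &
  done
  wait
}

# Read `arp -na` text on stdin and print "IP MAC" for resolved entries
# in 10.10.<octet>.0/24; "<incomplete>" entries (no reply) are skipped.
resolved_hosts() {
  awk -v p="10.10.$1." '
    $3 == "at" && $4 != "<incomplete>" {
      ip = $2; gsub(/[()]/, "", ip)
      if (index(ip, p) == 1) print ip, tolower($4)
    }' | sort -t. -k4,4n
}

# Print resolved hosts whose IP is not listed in the expected-hosts
# file (hypothetical inventory format: one IP per line).
unexpected_hosts() {
  resolved_hosts "$1" | awk -v inv="$2" '
    BEGIN { while ((getline line < inv) > 0) known[line] = 1 }
    !($1 in known)'
}

# Usage: ./vlan_audit.sh <third-octet> <expected-hosts-file>
if [ "$#" -eq 2 ]; then
  sweep_vlan "$1"
  arp -na | unexpected_hosts "$1" "$2"
fi
```

Run it once per VLAN; anything it prints answered ARP on that subnet but is missing from the inventory.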