We plan to change the network switch and firewall machine to new ones. The network engineer told me that after the switch and firewall equipment change I may need to run 'arp ...' to clear out the cache on every CENTOS server due to the switch and firewall MAC address change.

We have 30 to 40 CENTOS 4.X and 5.X servers that may be affected. My questions are:

1. Does a switch and firewall equipment change need the LINUX client to clear its cache?

2. If needed, how do I clear the cache and get new info about the switch and firewall?

Hi,

mcclnx mcc sent a missive on 2010-02-23:

> we plan to change network switch and firewall machine to new one.
> Network engineer told me after switch and firewall equipment change I
> may need run 'arp ..." to clear out cache on every CENTOS servers due
> to switch and firewall MAC address change.
>
> we have 30 to 40 CENTOS 4.X and 5.X my affect. my question are:
>
>
> 1. does switch and firewall equipment change need LINUX client clear
> cache?

No, it can be completed without a cache clear. I have completed the same sort of thing by connecting the new switch to the old one, making sure that I can see the new switch from a server and then moving each Ethernet cable across from the old switch to the new switch.

When it comes to the firewall, there will be a slight delay in traffic flows which should be a couple of seconds as each server will issue an arp request as the firewall mac address will have changed and will need to be re arp'ed.

Beware of Cisco kit however, as some of this kit has an arp timeout of 5 mins and therefore on the Cisco kit you will have to clear the arp cache of this kit if it is in front of or behind the firewall.

>
> 2. if needed, how to clear cache and get new info about switch and
> firewall?
>

You have to delete each entry from the cache using arp -d {hostname} afaik

On 2/23/2010 1:25 PM, mcclnx mcc wrote:

> we plan to change network switch and firewall machine to new one. Network engineer told me after switch and firewall equipment change I may need run 'arp ..." to clear out cache on every CENTOS servers due to switch and firewall MAC address change.
>
> we have 30 to 40 CENTOS 4.X and 5.X my affect. my question are:
>
>
> 1. does switch and firewall equipment change need LINUX client clear cache?
>
> 2. if needed, how to clear cache and get new info about switch and firewall?

I'm not sure about the exact timing, but Linux is pretty aggressive about updating arp entries automatically. I think entries time out in a minute or so of inactivity and are re-probed on delays anyway. On the other hand, routers have much longer times for their arp cache, so it probably will be necessary to clear the router on the other side of the firewall. Switches normally act transparently at layer 2 so connections through them (as opposed to management connections _to_ them) don't care about addresses.

--
Les Mikesell
lesmikesell at gmail.com
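
Added example (not part of the thread): a shell check of the cache state the replies describe. It compares a server's cached MAC for the firewall IP against the new device's MAC and prints the arp -d command mentioned in the reply above only when the entry is stale. The addresses, the sample table and the function names arp_state and plan_fix are constructed for illustration; on a real server, pass "$(cat /proc/net/arp)" as the table.

```shell
#!/bin/sh
# Constructed sample in /proc/net/arp format (documentation address ranges).
# Flags 0x2 = resolved entry, 0x0 = incomplete (request sent, no reply yet).
SAMPLE_ARP='IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         00:00:5e:00:53:01     *        eth0
192.0.2.20       0x1         0x2         00:00:5e:00:53:14     *        eth0
192.0.2.30       0x1         0x0         00:00:00:00:00:00     *        eth0'

# arp_state TABLE IP EXPECTED_MAC
# Prints one of: "ok", "stale <cached-mac> <dev>", "incomplete <dev>", "absent".
arp_state() {
    printf '%s\n' "$1" | awk -v ip="$2" -v want="$3" '
        NR == 1 { next }                      # skip the header row
        $1 == ip {
            found = 1
            if ($3 == "0x0")                       print "incomplete " $6
            else if (tolower($4) == tolower(want)) print "ok"
            else                                   print "stale " tolower($4) " " $6
            exit
        }
        END { if (!found) print "absent" }'
}

# plan_fix TABLE IP EXPECTED_MAC
# Prints the delete command only for a stale entry, otherwise "none".
# An absent or incomplete entry is re-resolved by the kernel on next use.
plan_fix() {
    case "$(arp_state "$1" "$2" "$3")" in
        stale*) echo "arp -d $2" ;;
        *)      echo "none" ;;
    esac
}

# Demo: 192.0.2.1 is the firewall IP; the second value is the (assumed)
# MAC of the replacement firewall, taken from the network engineer.
NEW_FW_MAC='00:00:5e:00:53:fe'
echo "state:  $(arp_state "$SAMPLE_ARP" 192.0.2.1 "$NEW_FW_MAC")"
echo "action: $(plan_fix  "$SAMPLE_ARP" 192.0.2.1 "$NEW_FW_MAC")"
```

Run before and after the cutover, an unexpected "stale" result for the gateway long after the change is also worth investigating, since the cached MAC then belongs to neither the old nor the new device.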