How MPE Talks to Its Network Neighbors

Our networking team reports they're going to refresh the hardware on our IP gateways. Our Telecom manager says they will:

  • Change the physical gateway, because the hardware is being replaced
  • Not change the IP address and gateway address
  • Change the MAC address of the gateway (because of different gateway hardware)

What do I need to do on our MPE boxes to ensure that they will see the new hardware? Does MPE cache the MAC address of neighbor gateways anywhere? I was thinking I needed to restart networking services, but I wasn't sure if anything more will be needed.

Jack Connor replies

If you're taking it off the air for the network changes, I'd go ahead and close the network down until the work has completed and then reopen it. MPE will be looking for the IPs as it opens up. I know you can see the MAC addresses in NETTOOL, but I don't think they're of any import other than informational and for DTC traffic.

Donna Hofmeister adds

Halt the network (even the system if possible -- because it's almost the same thing) while the larger network work is being done. When the new gear is in place and seems stable, "wake up" the 3000 and watch what happens.

When you halt the network (presuming you're not taking the box down) be sure to halt/quiesce network-dependent things (like jobs/listeners) just prior. I'd suggest doing an 'openq' on your network printers as well (keep the input side of printing open, but not the output side).

Jeff Kell notes

If you have access to your routers/switches, you can also attack this from the other end. 

Cisco switches/routers (layer-3) have an ARP table that holds the MAC addresses of the hosts on the subnet. They are subject to a timeout. However, they will generate a "gratuitous unicast ARP" request to any host in the table 30 seconds before it is scheduled to expire. If the host is up, it will respond, and reset the learning timer. It will ALSO push the MAC address and IP of the gateway (the router that just performed the unicast ARP) into the host.

Unfortunately the default ARP timeout on a Cisco device is 4 hours.

You may tweak this as desired on a per-interface basis via the "arp timeout xxx" configuration directive.

If you are doing network monitoring by any SNMP tools, they work best when the mac-address tables (CAMs/TCAMs/etc) are loaded with the host values, and the ARP tables are populated with the current hosts. The mac-address table timeout default is only 300 seconds (I'd suggest moving that up, depending on how volatile your connections may be; we use 600 seconds).  This will cause the "gratuitous ARP" to occur at 530 seconds, and if the host answers, it perfectly repopulates the tables for your management tools to read.
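As an added example (not part of the replies above or of the original post), this Python sketch compares two ARP-table snapshots taken on a layer-3 device that stays in place, one before and one after the gateway swap, and confirms that the gateway's IP is the only one that moved to a new MAC. The sample tables are constructed in the layout of Cisco IOS `show ip arp` output; every address and the function names are assumptions.

```python
import re

# Constructed sample snapshots in the "show ip arp" layout; all addresses are
# invented. 10.1.1.1 stands for the gateway whose hardware is replaced.
BEFORE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                12  0011.2233.4455  ARPA   Vlan10
Internet  10.1.1.20              201  0060.b0aa.bb01  ARPA   Vlan10
Internet  10.1.1.30                -  0019.e8cc.dd02  ARPA   Vlan10
Internet  10.1.1.40               55  0060.b0aa.bb07  ARPA   Vlan10
"""
AFTER = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.1                 0  0011.2233.9999  ARPA   Vlan10
Internet  10.1.1.20                3  0060.b0aa.bb01  ARPA   Vlan10
Internet  10.1.1.30                -  0019.e8cc.dd02  ARPA   Vlan10
Internet  10.1.1.40                0  Incomplete      ARPA
"""

# One resolved entry: protocol, IP, age in minutes or "-", dotted-hex MAC.
ROW = re.compile(r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+|-)\s+"
                 r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA", re.I)

def parse_arp(text):
    """Return {ip: (mac, age_minutes)}; age is None for the device's own
    interface ('-'). Header and 'Incomplete' rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, age, mac = m.groups()
            table[ip] = (mac.lower(), None if age == "-" else int(age))
    return table

def review_cutover(before, after, gateway_ip):
    """Compare snapshots taken before and after the gateway swap."""
    old, new = parse_arp(before), parse_arp(after)
    changed = {ip for ip in old.keys() & new.keys() if old[ip][0] != new[ip][0]}
    return {
        # The planned change: same IP, different MAC.
        "gateway_relearned": gateway_ip in changed,
        # Any other IP whose MAC moved was not part of the planned change.
        "unexpected_changes": sorted(changed - {gateway_ip}),
        # Hosts resolved before but not after have not been re-learned yet.
        "missing_after": sorted(old.keys() - new.keys()),
    }

if __name__ == "__main__":
    print(review_cutover(BEFORE, AFTER, "10.1.1.1"))
```

A host listed under `missing_after` is one that has not yet answered ARP since the change, which is the condition the network restart or update on the host side is meant to clear.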

Howard Hoxie adds (with a prompt from Gilles Schipper)

MPE caches the MAC for the gateway, and there is a command that updates with an "[email protected]" or "INTERNET=ALL" clause.

(The command is NETCONTROL net=netname; update=all, where netname is probably LAN or LAN1)