Networking: See and Map ARP

Ability to add static ARP records and view current ARP entries

40 votes
Kunal Keshav shared this idea

    2 comments

      • Jeremy Meyer commented

        Just being able to see the table without having to log in to the console and run commands would be extremely helpful.

      • Tony commented

        I think this is a good feature to add, albeit it's not **** like many of the other great features in the new 9.2 release. There are known case examples of devices (Internet of Things) that use 802.15.4 and use long-lasting TCP connections with VERY low traffic. A NEST thermostat is one such device, which we can use as an example to illustrate the usefulness of the feature. So a NEST uses a TCP connection, from the device to the cloud, to send and receive data. Data from the NEST to the cloud goes out without a problem. However, after some time, the ARP entry for the NEST expires, but the TCP connection in iptables still exists. So after the ARP entry expires, data coming from the cloud to the NEST is passed through iptables without a problem; however, since there isn't an ARP entry, the UTM can't find the MAC address of the NEST, since the ARP entry is dynamic. The UTM does try to resolve the ARP entry, but since the NEST is in a 'low power' state, it doesn't hear the "who-has" question, and the packets are dropped. Now the NEST could solve this problem by sending a "heart beat" every now and then to keep the ARP entry alive.

        This is just an example of how this feature would help address this issue, but the usefulness of this feature extends beyond this example. I have a routine practice of statically setting the ARP entry for devices that are critical to the enterprise's infrastructure because it can address some forms of debauchery on the wire. I would think that being able to set the MAC address in the host definition makes sense, and also having some way to freshen the static ARP list would address things nicely.
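
The practice described in the comment above, pinning ARP entries for critical devices and keeping the static list fresh, can be audited from the neighbour table. This is an added example, not part of the original thread or of the UTM itself; it assumes the Linux `ip neigh show` output format, and the sample output, addresses and inventory are constructed.

```python
import re

# Constructed sample of `ip neigh show` output (not taken from the page).
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 02:00:00:00:00:01 PERMANENT
192.0.2.50 dev eth0 lladdr 02:de:ad:be:ef:01 REACHABLE
192.0.2.60 dev eth0  FAILED
192.0.2.70 dev eth0 lladdr 02:00:00:00:00:70 STALE
192.0.2.99 dev eth0 lladdr 02:00:00:00:00:99 REACHABLE
"""

# Hypothetical inventory: critical host IP -> MAC address it must resolve to.
EXPECTED = {
    "192.0.2.1": "02:00:00:00:00:01",
    "192.0.2.50": "02:00:00:00:00:50",
    "192.0.2.60": "02:00:00:00:00:60",
    "192.0.2.70": "02:00:00:00:00:70",
    "192.0.2.80": "02:00:00:00:00:80",
}

# lladdr is absent for FAILED/INCOMPLETE entries; "router" is an optional flag.
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+\S+(?:\s+lladdr\s+(?P<mac>[0-9A-Fa-f:]{17}))?"
    r"(?:\s+router)?\s+(?P<state>[A-Z]+)$"
)

def parse_neigh(text):
    """Return {ip: (mac or None, state)} parsed from `ip neigh show` text."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mac = m.group("mac")
            table[m.group("ip")] = (mac.lower() if mac else None, m.group("state"))
    return table

def audit(table, expected):
    """Return {ip: finding} for each critical host that is not pinned correctly."""
    findings = {}
    for ip, want in expected.items():
        mac, state = table.get(ip, (None, "ABSENT"))
        if mac is None:
            findings[ip] = "unresolved"    # inbound packets have no MAC to go to
        elif mac != want.lower():
            findings[ip] = "mac-mismatch"  # spoofed reply or stale inventory
        elif state != "PERMANENT":
            findings[ip] = "dynamic"       # correct now, but the entry can expire
    return findings

if __name__ == "__main__":
    print(audit(parse_neigh(SAMPLE_NEIGH), EXPECTED))
```
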
