ARP and Broadcast Packets Missing

Problem: A Linux box with Debian 9 (kernel 4.9) on a HP server with Intel i40e (X710) network cards, is not reachable from neighbor machines, because ARP does not work.

Discussion: while testing with tcpdump ARP worked, but later ARP stopped working again. When tcpdump is used with “-p” (non promiscuous mode) you can see the problem. The server does not receive any broadcasts. Which means neighbors can not find the machine with ARP. Outgoing ARP does work though because ARP responses are not sent to broadcast the address (ff:ff:ff:ff:ff:ff).

Solution: A quick fix was to use “ifconfig eth0 promisc”. In this mode broadcasts are received and ARP is working. A better fix is to upgrade the Linux kernel to Debian 9 backports (4.19) or probably upgrade to Debian 10.

Versions: Debian 9 kernel 4.9 intel driver: 2.3.2-k intel firmware: 6.00 0x800034ea 18.3.6

ARP is not working on Cisco ASR 1001 X

Problem: Cisco ASR router is loosing connectivity to its directly attached Ethernet neighbors. In this situation interface status is still up, packets are going in and out on both ends, even IPv6 was still working. The actual problem was that the Cisco ASR was ignoring all ARP responses from its neighbors and the ARP table to this interface was empty. Later the same happened on a second interface.

A temporary work around was to reboot the router.

Solution: Cisco support suggested a software upgrade, even though the software was only some weeks old. After the software upgrade the error didn’t happen again until now.
The old IOS version was: asr1001x-universalk9.03.16.03.S.155-3.S3-ext.SPA.bin
The new IOS version is: asr1001x-universalk9.03.16.04a.S.155-3.S4a-ext.SPA.bin

The only fix that possibly fits to the problem is:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160804-wedge

“A remote attacker can cause an interface wedge and an eventual denial of service condition”

What’s an “interface wedge”. Cisco bug reports were more precise years ago.