8Configuring gratuitous ARPOverviewIn a gratuitous ARP packet, the sender IP address and the target IP address are the IP address of thesending device.A device sends a gratuitous ARP packet for either of the following purposes:• Determine whether its IP address is already used by another device. If the IP address is already used,the device is informed of the conflict by an ARP reply.• Inform other devices of a MAC address change.Gratuitous ARP packet learningThis feature enables a device to create or update ARP entries by using the sender IP and MAC addressesin received gratuitous ARP packets.When this feature is disabled, the device uses received gratuitous ARP packets to update existing ARPentries only.Periodic sending of gratuitous ARP packetsEnabling a device to periodically send gratuitous ARP packets helps downstream devices update ARPentries or MAC entries in a timely manner. This feature can be used to prevent gateway spoofing, preventARP entries from aging out, and prevent the virtual IP address of a VRRP group from being used by a host.• Prevent gateway spoofing.An attacker can use the gateway address to send gratuitous ARP packets to the hosts on a network,so that the traffic destined for the gateway from the hosts is sent to the attacker instead. As a result,the hosts cannot access the external network.To prevent such gateway spoofing attacks, you can enable the gateway to send gratuitous ARPpackets containing its primary IP address and manually configured secondary IP addresses at aspecific interval, so hosts can learn correct gateway address information.• Prevent ARP entries from aging out.If network traffic is heavy or if the host CPU usage is high, received ARP packets can be discardedor are not promptly processed. Eventually, the dynamic ARP entries on the receiving host age outand the traffic between the host and the corresponding devices is interrupted until the hostre-creates the ARP entries.To prevent this problem, you can enable the gateway to send gratuitous ARP packets periodically.The gratuitous ARP packets contain the gateway's primary IP address or one of its manuallyconfigured secondary IP addresses, so the receiving hosts can update ARP entries in time.• Prevent the virtual IP address of a VRRP group from being used by a host.The master router of a VRRP group can periodically send gratuitous ARP packets to the hosts on thelocal network, so that the hosts can update local ARP entries and avoid using the virtual IP addressof the VRRP group. For more information about VRRP, see High Availability Configuration Guide.