Axarpsc: Scalable arp snooping using policy-based mirroring of core switches with arp log contraction

Motoyuki Ohmori, Naoki Miyata, Koji Okamura

Research output: Contribution to journalArticlepeer-review

Abstract

In order to handle a computer security incident or network failure, it is important to grasp a list of pairs of IP and MAC addresses of the hosts. A traditional method based upon ARP table polling, however, has two major drawbacks that 1) some pairs of IP and MAC addresses may not be obtained and 2) it incurs a heavy load on a core switch. In order to overcome these drawbacks, this paper proposes AXARPSC that is the novel scalable ARP snooping to build a list of pairs of IP and MAC addresses. AXARPSC can avoid missing pairs of IP and MAC addresses by monitoring all ARP traffic. AXARPSC also can reduce a CPU load on a recent high-end core switch by approximately 20%. AXARPSC is scalable because AXARPSC incurs no additional CPU load even though the number of hosts increases. AXARPSC employs a policy-based mirroring of a switch that mirrors traffic that matches a specified filter. The policy-based mirroring can mirror ARP traffic only, and reduce the load on an ARP parsing server. AXARPSC can also contract multiple contiguous ARP messages that have the same pair of an IP address and MAC address, as if one ARP message is observed.

Original languageEnglish
Pages (from-to)198-204
Number of pages7
JournalJournal of information processing
Volume29
DOIs
Publication statusPublished - 2021

All Science Journal Classification (ASJC) codes

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Axarpsc: Scalable arp snooping using policy-based mirroring of core switches with arp log contraction'. Together they form a unique fingerprint.

Cite this