Abstract
In order to handle a computer security incident or network failure, it is important to grasp a list of pairs of IP and MAC addresses of hosts. Ones may then traditionally poll an Address Resolution Protocol (ARP) table of a core switch at an interval using SNMP or other methods. This traditional method based upon polling, however, has two major drawbacks that (1) some pairs of IP and MAC addresses may not be obtained and (2) incurs a heavy load on a core switch. This paper then proposes AXARPS that is the novel scalable ARP snooping to build a list of pairs of IP and MAC addresses. AXARPS can avoid missing pairs of IP and MAC addresses by monitoring all ARP traffic instead of the traditional method. AXARPS also can reduce a CPU load on a recent high-end core switch by approximately 20% in comparison with the traditional method. AXARPS is scalable because AXARPS incurs no additional CPU load even the number of hosts increases. AXARPS employs a policy-based mirroring of a switch that mirror traffic that matches a specified filter. The policy-based mirroring can then mirror ARP traffic only, and reduce a load on an ARP parsing server.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
AlaxalA Networks Corporation: Policy based mirroring (2016). (in Japanese). http://www.alaxala.com/jp/solution/network/pbm/pbm/. Accessed 7 Nov 2018
ALAXALA Networks Corporation: Ax-security-controller (2017). http://www.alaxala.com/jp/news/press/2017/20170601.html. Accessed: 03 June 2017
ALAXALA Networks Corporation: Case study: Tokyo university of agriculture and technology (2017). https://www.alaxala.com/jp/introduce/case36/. Accessed 01 Oct 2018
Fluentd Project: fluentd (2010). https://www.fluentd.org/. Accessed 07 Oct 2018
iNetSecSF. Sinetsec sf: Detecting security risk and blocking (2017). (in japanese). https://www.pfu.fujitsu.com/inetsec/products/sf/. Accessed 7 Nov 2018
MongoDB, Inc.: mongodb (2018). https://www.mongodb.com/. Accessed 07 Oct 2018
Network Research Group: Lawrence Berkeley National Laboratory. arpwatch (2009). https://ee.lbl.gov/. Accessed 7 Nov 2018
Philippe Biondi and the Scapy community. Scapy: Packet crafting for Python2 and Python3 (2018). https://scapy.net/. Accessed 7 Nov 2018
Plummer, D.: Ethernet address resolution Protocol: or converting network Protocol addresses to 48.bit Ethernet address for transmission on Ethernet Hardware. RFC 826 (Standard), November 1982. Updated by RFCs 5227, 5494
Python Software Foundation: Python (2001). https://www.python.org/. Accessed 7 Nov 2018
Tsujisawa, T., Sakurada, T., Segawa, H., Kawamura, Y., Mishima, K., Hagiwara, Y.: A challenge for full deployment both 802.1x authentication and an automatically isolation function in a campus network Task and correspondence in the operation. J. Acad. Comput. Netw. 22(1), 36–43 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Ohmori, M., Miyata, N., Suzuta, I. (2020). AXARPS: Scalable ARP Snooping Using Policy-Based Mirroring of Core Switches. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2019. Advances in Intelligent Systems and Computing, vol 926. Springer, Cham. https://doi.org/10.1007/978-3-030-15032-7_56
Download citation
DOI: https://doi.org/10.1007/978-3-030-15032-7_56
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15031-0
Online ISBN: 978-3-030-15032-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)