Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4819
Views
0
Helpful
2
Replies

Martian packets - type ARP - UCS Server - CentOS

SamUrai
Level 1
Level 1

‎09-23-2021 09:04 AM

Hello,

 

We recently enabled "martian" packet tracing on CentOS 7.9 running on UCS servers C240M4 (UCSM Integrated). Since then we have been seeing martian packets messages in "dmesg" occurring very frequently. The IP frame data revels that those are ARP packets ( 08 06 ). We do suspect that there is something not right on the network side. The IPs being reported are different.

 

[Thu Sep 23 08:57:35 2021] IPv4: martian source <IP> from <IP>, on dev bridge-fe-2
[Thu Sep 23 08:57:35 2021] ll header: 00000000: ff ff ff ff ff ff xx xx xx xx xx xx 08 06        .........62A..
[Thu Sep 23 08:57:35 2021] IPv4: martian source <IP> from <IP>, on dev bridge-be-2
[Thu Sep 23 08:57:35 2021] ll header: 00000000: ff ff ff ff ff ff xx xx xx xx xx xx 08 06        .........6.A..
[Thu Sep 23 08:57:35 2021] IPv4: martian source <IP> from <IP>, on dev bridge-3001-2
[Thu Sep 23 08:57:35 2021] ll header: 00000000: ff ff ff ff ff ff xx xx xx xx xx xx 08 06        ........D..@..
[Thu Sep 23 08:57:36 2021] IPv4: martian source <IP> from <IP>, on dev bridge-fe-1
[Thu Sep 23 08:57:36 2021] ll header: 00000000: ff ff ff ff ff ff xx         .xx xx xx xx xx 08 06........62A..
[Thu Sep 23 08:57:36 2021] IPv4: martian source <IP> from <IP>, on dev bridge-3001-1
[Thu Sep 23 08:57:36 2021] ll header: 00000000: ff ff ff ff ff ff xx xx xx xx xx xx 08 06        .........62A..

 

Does anyone know a possible cause of these messages?

Thanks

Labels:
0 Helpful
2 Replies 2

Kirk J
Cisco Employee
Cisco Employee

‎09-27-2021 04:30 AM - edited ‎09-30-2021 06:47 PM

Do any of the source MACs match any VMs you've configured in your environment?

Having a guestVM attached to the wrong port group could trigger this pretty easily I think (IP and subnet don't match intended vlan).

 

Kirk...

0 Helpful

SamUrai
Level 1
Level 1
In response to Kirk J

‎10-07-2021 05:57 AM

Yes the IPs are configured in our environment.  The VMs are in the correct VLAN AFAIK  and have proper subnet mask configured. The "martian" probe is setup to monitor all interfaces on the host which includes "vnet" VM interfaces which are on the linux bridge configured.  I think this maybe a cause of the problem as the ping response of the VMs seem suffer.. pkt loss and high RTA time. Disabled the probe, the problem is gone.

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card