IBM Cloud: VPC/Classic InfrastrutureにおけるARPの挙動

Last updated at 2026-02-10Posted at 2026-02-09

VPC(L3 Network)でのARP

10.239.0.9/24から10.239.0.11/24にpingを実行して、tcpdumpを取得した結果は以下のとおり。

10.239.0.101/24でのtcpdump

# ip neigh flush all; tcpdump -i any arp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
05:48:48.939893 eth0  Out ARP, Request who-has 10.239.0.1 tell 10.239.0.101, length 28
05:48:48.940013 eth0  In  ARP, Reply 10.239.0.1 is-at 02:00:00:de:54:a8, length 46
05:50:04.583836 eth0  Out ARP, Request who-has 10.239.0.1 tell 10.239.0.101, length 28
05:50:04.583975 eth0  In  ARP, Reply 10.239.0.1 is-at 02:00:00:de:54:a8, length 46
05:50:33.145300 eth0  Out ARP, Request who-has 10.239.0.101 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 28
05:50:33.145430 eth0  In  ARP, Reply 10.239.0.101 is-at 02:00:06:de:54:a8, length 46
05:50:34.145414 eth0  Out ARP, Request who-has 10.239.0.101 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 28
05:50:34.145569 eth0  In  ARP, Reply 10.239.0.101 is-at 02:00:06:de:54:a8, length 46


(pingを実行した際の出力）
05:51:03.792779 eth0  Out ARP, Request who-has 10.239.0.102 tell 10.239.0.101, length 28
05:51:03.792897 eth0  In  ARP, Reply 10.239.0.102 is-at 02:00:07:de:54:a8, length 46

10.239.0.102/24でのtcpdump

# ip neigh flush all; tcpdump -i any arp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
05:48:51.180228 eth0  Out ARP, Request who-has 10.239.0.1 tell 10.239.0.102, length 28
05:48:51.180364 eth0  In  ARP, Reply 10.239.0.1 is-at 02:00:00:de:54:a8, length 46
05:49:35.079108 eth0  Out ARP, Request who-has 10.239.0.1 tell 10.239.0.102, length 28
05:49:35.079281 eth0  In  ARP, Reply 10.239.0.1 is-at 02:00:00:de:54:a8, length 46
05:50:07.847208 eth0  Out ARP, Request who-has 10.239.0.1 tell 10.239.0.102, length 28
05:50:07.847466 eth0  In  ARP, Reply 10.239.0.1 is-at 02:00:00:de:54:a8, length 46
05:50:16.358834 eth0  Out ARP, Request who-has 10.239.0.102 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 28
05:50:16.359020 eth0  In  ARP, Reply 10.239.0.102 is-at 02:00:07:de:54:a8, length 46
05:50:17.358982 eth0  Out ARP, Request who-has 10.239.0.102 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 28
05:50:17.359119 eth0  In  ARP, Reply 10.239.0.102 is-at 02:00:07:de:54:a8, length 46


(pingを実行した際の出力）
05:51:03.793228 eth0  Out ARP, Request who-has 10.239.0.101 tell 10.239.0.102, length 28
05:51:03.793313 eth0  In  ARP, Reply 10.239.0.101 is-at 02:00:06:de:54:a8, length 46

この出力結果は非常に興味深い。

10.239.0.101でリクエストした10.239.0.102に対するARPリクエストは、相手には届いていないし、逆にICMPに応答するために10.239.0.102でリクエストした10.239.0.101に対するARPリクエストも、相手には届いていない（まぁキャッシュされていたのかもしれないが、少なくとも長時間観察しても届いていないように見える）。
自身のIPアドレスに対するARPリクエスト(GARP)も、同一ネットワーク上の他のサーバーには届いていない。
つまり、ブロードキャストしたARPリクエストがホスト間で直接届かない設計になっており、VPCのSDNサービスにより代理応答されていると思われる。これが、VPCはL2ネットワークではなくL3ネットワークであり、IPアドレスを勝手に割り当てても通信できないことの意味だと思われる。

Classic Infrastructure(L2 Network)でのARP

同一L2ネットワーク上のARPリクエストが相手サーバーに到達している。

10.173.166.211/26でのtcpdump

# ip neigh flush all; tcpdump -i any arp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
23:56:48.338000 eth0  Out ARP, Request who-has 10.173.166.193 tell 10.173.166.211, length 28
23:56:48.342615 eth0  In  ARP, Reply 10.173.166.193 is-at 00:00:0c:9f:f0:01, length 46
23:56:50.084229 eth0  B   ARP, Request who-has 10.173.166.193 tell 10.173.166.252, length 28
23:57:06.483238 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:14.775977 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:57:20.071289 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:35.252578 eth0  B   ARP, Request who-has 10.173.1.6 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:44.894243 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:58:08.035978 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:15.469395 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:58:22.117151 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:37.261097 eth0  B   ARP, Request who-has 10.173.1.6 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:45.499686 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:59:10.594868 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:59:14.690308 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:59:24.183325 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46

(pingを実行した際の出力）
00:06:05.588987 eth0  Out ARP, Request who-has 10.173.166.252 tell 10.173.166.211, length 28
00:06:05.589888 eth0  In  ARP, Reply 10.173.166.252 is-at 06:e0:1b:34:66:bb, length 28
00:06:10.708978 eth0  In  ARP, Request who-has 10.173.166.211 tell 10.173.166.252, length 28
00:06:10.708999 eth0  Out ARP, Reply 10.173.166.211 is-at 06:ee:75:58:ab:54, length 28

10.173.166.252/26でのtcpdump

# ip neigh flush all; tcpdump -i any arp -nn
tcpdump: data link type LINUX_SLL2
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
23:56:49.634660 eth0  Out ARP, Request who-has 10.173.166.193 tell 10.173.166.252, length 28
23:56:49.638969 eth0  In  ARP, Reply 10.173.166.193 is-at 00:00:0c:9f:f0:01, length 46
23:57:06.034170 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:14.326913 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:57:19.622270 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:34.803563 eth0  B   ARP, Request who-has 10.173.1.6 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:57:44.445139 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:58:07.586916 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:13.075437 eth0  Out ARP, Request who-has 10.173.166.193 tell 10.173.166.252, length 28
23:58:13.079869 eth0  In  ARP, Reply 10.173.166.193 is-at 00:00:0c:9f:f0:01, length 46
23:58:15.020352 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:58:21.668038 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:36.812012 eth0  B   ARP, Request who-has 10.173.1.6 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:58:45.050611 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:59:10.145927 eth0  B   ARP, Request who-has 10.173.1.7 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46
23:59:14.241263 eth0  B   ARP, Reply 10.173.1.4 is-at 00:50:56:9d:0c:6b, length 46
23:59:23.734251 eth0  B   ARP, Request who-has 10.173.1.5 (ff:ff:ff:ff:ff:ff) tell 0.0.0.0, length 46

(pingを実行した際の出力）
00:06:05.140544 eth0  B   ARP, Request who-has 10.173.166.252 tell 10.173.166.211, length 28
00:06:05.140571 eth0  Out ARP, Reply 10.173.166.252 is-at 06:e0:1b:34:66:bb, length 28
00:06:10.259432 eth0  Out ARP, Request who-has 10.173.166.211 tell 10.173.166.252, length 28
00:06:10.260315 eth0  In  ARP, Reply 10.173.166.211 is-at 06:ee:75:58:ab:54, length 28

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up