It’s been a while since my last post, was busy with work.

I have been asked many times, how will I check whether remote server is up or down?

Most common & logical answer is by pinging!

But what if the ping request is disabled? How would you find out?

Imagining the lack of basic knowledge from people I came across who are CCNA, CCNP, RHCE certified + years of experience in networking. Majority of them bluffed or well, lets just put it; Did NOT have any answer!!

Let’s go through this and find the valid answer and a basics behind it.

As we say, “Common sense is not common” just like “Basics is not a basic thing, it’s a foundation of what you think and how you implement”.

In the span of my 5 years of experience, I’ve come across many projects and majority of them were stuck because of half knowledge and missing basics in the implementation.

Scenario 1: Where ping request is enabled.

root@bt:~# ping 10.2.30.226
PING 10.2.30.226 (10.2.30.226) 56(84) bytes of data.
64 bytes from 10.2.30.226: icmp_seq=1 ttl=64 time=1.02 ms
64 bytes from 10.2.30.226: icmp_seq=2 ttl=64 time=0.462 ms
^C
— 10.2.30.226 ping statistics —
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.462/0.745/1.029/0.284 ms
root@bt:~# arping 10.2.30.226
ARPING 10.2.30.226
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=0 time=338.000 usec
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=1 time=212.000 usec
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=2 time=220.000 usec
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=3 time=257.000 usec
^C
— 10.2.30.226 statistics —
4 packets transmitted, 4 packets received,   0% unanswered (0 extra)

Let’s check arp cache,

root@bt:~# ip neigh show | grep 10.2.30.226
10.2.30.226 dev eth0 lladdr 26:fc:99:e8:47:42 REACHABLE

As you can see from apr cache, destination server is REACHABLE.

Scenario 2: Ping is disabled.

First, disable ping request on a destination server.

  • [root@10.2.30.226 ~]# echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all
  • root@bt:~# ping 10.2.30.226
    PING 10.2.30.226 (10.2.30.226) 56(84) bytes of data.
    From 10.2.50.16 icmp_seq=1 Destination Host Unreachable
    From 10.2.50.16 icmp_seq=2 Destination Host Unreachable
    — 10.2.30.226 ping statistics —
    7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6018ms
  • Now let’s see what arping has to say,

root@bt:~# arping 10.2.30.226
ARPING 10.2.30.226
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=0 time=407.000 usec
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=1 time=217.000 usec
60 bytes from 26:fc:99:e8:47:42 (10.2.30.226): index=2 time=209.000 usec

  • root@bt:~# ip neigh show | grep 10.2.30.226
    10.2.30.226 dev eth0 lladdr 26:fc:99:e8:47:42 REACHABLE

Even ping request is disabled, we can check whether server is UP or Down without any monitoring tools.

what if the server is shutdown.

  • root@bt:~# ip neigh show | grep 10.2.30.226
    10.2.30.226 dev eth0 lladdr 26:fc:99:e8:47:42 STALE

As you can see, STALE is the status of the server.

Explanation:

arping sends TCP request to the server, we can disable ping request but we can’t disable TCP request as it will bring down majority services running on the server.

Let’s take an example of a server pinging but arp cache shows STALE, always a good idea to update cache entries.

  • root@bt:~# ip neigh show
    10.2.30.15 dev eth0 lladdr 00:1c:c0:7c:0f:f4 REACHABLE
    10.2.30.245 dev eth0 lladdr a2:81:17:5c:3c:35 STALE
    10.2.120.250 dev eth0 lladdr 00:1e:2a:49:93:cd STALE
  • 10.2.120.250 is STALE.

really???

  • root@bt:~# arping -u -I eth0 10.2.120.250 (updating arp cache)
    ARPING 10.2.120.250
    60 bytes from 00:1e:2a:49:93:cd (10.2.120.250): index=0/0 time=12.000 usec
    60 bytes from 00:1e:2a:49:93:cd (10.2.120.250): index=1/1 time=5.000 usec
  • root@bt:~# ip neigh show | grep 10.2.120.250
    10.2.120.250 dev eth0 lladdr 00:1e:2a:49:93:cd REACHABLE

It’s always a good habit to clear arp cache,

can be done using,

  • root@bt:~# arp -d ip-address
  • arp cache get’s information from the file, cat /proc/net/arp

In case, arp cache still shows deleted entries and throws error like “SIOCDARP(priv): Network is unreachable”  then theirs a work around

Example: IP is 10.2.30.226

then,

root@bt [~]# ip addr add 10.2.30.226 dev eth0

root@bt [~]# ip addr del 10.2.30.226 dev eth0

then check arp -n and it won’t show deleted entries any more.

Ref: https://lkml.org/lkml/2003/8/20/62

Cheers!!!