I read with interest the recent thread entitled 'Aging Implementation', and my understanding of ARP is much better than it was, but I am scratching my head on this.
Scenario is 2 x 877 (ADSL) routers (primary & secondary) on a remote site connected to different carriers. On the LAN side, 2 x VLANs (1 & 2). Both routers connect to the same switch (trunk ports); only port 24 on the switch is in VLAN 2, all other ports are on VLAN 1 (NB: HSRP on the VLANs).
When checking the ARP cache on router 1, I see that many of the ARP entries (VLAN 1) map to the MAC address of RTR-02's VLAN 1. The IPs seem to be for hosts that are no longer active; when I ping them, nothing! The active hosts all have valid MAC addresses and I can ping these.
The routers have IP helper statements on to relay requests to a remote DHCP server. Is it possible that either:

1) When a packet comes in from the WAN on RTR-01, it ARPs for the packet, gets a response from the real host, and then RTR-02 answers the ARP a few milliseconds later, effectively overwriting the MAC entry sent by the real host

or...

2) RTR-01 is periodically checking to see what hosts are alive. As the DHCP relay agent, I note a debug DHCP server events turns up a message every 2 x mins telling me the router is checking for valid addresses. Assuming the host is not live, could the response be somehow coming from RTR-02?
Out of interest, the RTR-02 ARP cache has very few ARP entries in it, certainly no duplicates.
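
One way to audit for the symptom described above (many IPs resolving to one MAC), as an added example that is not part of the original post: it parses text in the column layout of IOS `show ip arp` and reports every MAC that several learned entries share on one interface. The sample output, all addresses and the `min_ips` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the `show ip arp` column layout; addresses are made up.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.1             -   0019.aaaa.0001  ARPA   Vlan1
Internet  192.168.1.2            12   0019.bbbb.0002  ARPA   Vlan1
Internet  192.168.1.20            3   0011.2233.4455  ARPA   Vlan1
Internet  192.168.1.31           47   0019.bbbb.0002  ARPA   Vlan1
Internet  192.168.1.32           51   0019.bbbb.0002  ARPA   Vlan1
Internet  192.168.1.33            0   Incomplete      ARPA
Internet  192.168.2.1             -   0019.aaaa.0001  ARPA   Vlan2
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return resolved ARP rows; the header and Incomplete rows are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue
        entries.append({
            "ip": m["ip"],
            "mac": m["mac"].lower(),
            "intf": m["intf"],
            "local": m["age"] == "-",  # '-' age marks the router's own address
        })
    return entries

def shared_macs(entries, min_ips=2):
    """Map (interface, mac) -> IPs for learned entries that share one MAC."""
    groups = defaultdict(list)
    for e in entries:
        if not e["local"]:
            groups[(e["intf"], e["mac"])].append(e["ip"])
    return {k: ips for k, ips in groups.items() if len(ips) >= min_ips}

if __name__ == "__main__":
    for (intf, mac), ips in shared_macs(parse_arp(SAMPLE)).items():
        print(f"{intf}: {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```

A MAC that answers for many addresses on one VLAN is worth comparing against the other router's interface MAC, since the same pattern also appears when a device answers ARP on behalf of other hosts.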