[c-nsp] cisco 3750 arp timeout

Matt Bazan Mbazan at onelegal.com
Thu Jan 13 19:45:34 EST 2005 

Well, it's a bit of a strange one for me.  I'll have to run some more
tests off hours to be sure, but here's what I'm seeing so far:

On these L3 switches we have two VLANs 192.168.50.0/24 and
10.30.50.0/24.  Clusters are on the 10.30.50.0 VLAN.  When the resources
roll, I need clients from then 192.168.50.0 net to reach the cluster but
they're not able to (before resources roll no problem).

After rolling, packets get from the 192.168.50.XXX clients to
192.168.50.1 (the svi of the VLAN) and from their I'm not sure where
they're going as I don't have a sniffer setup.

The arp cache on the switch looks good after a roll (the proper IPs are
mapped to the new MACs, on the right ports) but still no go from the
192.168.50 sub.  At first I was thinking the grat arps were not
populating the arp cache used by the 192.168.50.1 svi but these VLANs
are on the same switch and therefore would use the same cache.  If I do
a 'clear arp-cache' everything is fine, even though the arp cache is the
same once it gets re-populated..

  Matt

> -----Original Message-----
> From: Church, Chuck [mailto:cchurch at netcogov.com] 
> Sent: Thursday, January 13, 2005 4:31 PM
> To: Matt Bazan; rocrowe at cisco.com; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] cisco 3750 arp timeout
> 
> Would disabling proxy-arp on that VLAN make a difference?  
> I'm thinking
> that if the MAC for the required IP changes, you wouldn't want the
> router still 'helping' and giving out the old MAC.  Or is the 
> router the
> only device these two servers are talking to, layer-3-wise?  
> Anyway, it
> seems like there'd have to be a MS solution to it as well.  A Windoze
> machine isn't going to have an ARP timeout of 1 second either.  Seems
> like a client sitting on the same VLAN as the cluster would have the
> same issue. 
> 
> 
> Chuck Church
> Lead Design Engineer
> CCIE #8776, MCNE, MCSE
> Netco Government Services - Design & Implementation Team
> 1210 N. Parker Rd.
> Greenville, SC 29609
> Home office: 864-335-9473
> Cell: 703-819-3495
> cchurch at netcogov.com
> PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 
> 
> 
> -----Original Message-----
> From: Matt Bazan [mailto:Mbazan at onelegal.com] 
> Sent: Thursday, January 13, 2005 5:16 PM
> To: rocrowe at cisco.com; Church, Chuck; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] cisco 3750 arp timeout
> 
> This is what I'm seeing too Robert.  If I roll the resources 
> I'm unable
> to connect to virt servers.  If I then do a 'clear arp-cache' I'm able
> to connect fine.  I'll do some more investigating on the M$ side of
> things to see if they've got an easier work around than the one you
> mentioned.  Thanks,
> 
>   Matt 
> 
> > -----Original Message-----
> > From: Robert Crowe [mailto:rocrowe at cisco.com] 
> > Sent: Thursday, January 13, 2005 2:14 PM
> > To: Matt Bazan; 'Church, Chuck'; cisco-nsp at puck.nether.net
> > Cc: rocrowe at cisco.com
> > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > 
> >  
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Matt,
> > 
> >         I believe I ran into the same issue your talking 
> about awhile
> > back when I was doing systems work. Our issue was with pairs of
> > servers running Win2k Advanced Server and Microsoft clustering. The
> > storage was EMC. It ended up being the way Microsoft 
> clustering sends
> > the gratuitous arp. One way to tell is to failover the services and
> > immediately do "clear arp" on the switches they are plugged into. We
> > ended writing a script that would snmp poll the virtual address for
> > the hostname of the box. When a failover occurred the hostname would
> > change and the script would telnet to the 2 switches and clear the
> > arp entries.
> > 
> > 
> > - -
> > Robert Crowe
> > 
> > 
> > 
> > - -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Bazan
> > Sent: Thursday, January 13, 2005 4:49 PM
> > To: Church, Chuck; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > 
> > Hi Chuck,
> >         In this particular case I've got two 3750's in a stack and
> > several MS clusters attached (one cluster node plugs into stack
> > member 1, the other node into member 2) and I'm having communication
> > problems reaching the cluster virtual servers when I 'roll' the
> > resources over from one node in the cluster to the other.  One of my
> > theories is that the stack could be having problems with the grat
> > arps it's getting from the MS cluster.
> > 
> >         As these systems are in our data center I'll have to wait
> > till the next time I'm over there to put a sniffer on the 
> wire to see
> > if I can glean more info.
> > 
> >         In the meantime, to attempt to rule out a grat arp issue, I
> > was trying to get the ciscos to not cache the cluster's virt server
> > IP and associated MAC. 
> > 
> >   Matt
> > 
> > > -----Original Message-----
> > > From: Church, Chuck [mailto:cchurch at netcogov.com]
> > > Sent: Thursday, January 13, 2005 1:19 PM
> > > To: Matt Bazan; cisco-nsp at puck.nether.net
> > > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > >
> > > Matt,
> > >
> > >       On a side note, why are you trying to do this?  Rodney
> > > mentioned the CEF issue.  Are you trying to speed up HSRP/VRRP or
> > > something along those lines?  Just curious...
> > >
> > >
> > > Chuck Church
> > > Lead Design Engineer
> > > CCIE #8776, MCNE, MCSE
> > > Netco Government Services - Design & Implementation Team 1210 N.
> > > Parker Rd.
> > > Greenville, SC 29609
> > > Home office: 864-335-9473
> > > Cell: 703-819-3495
> > > cchurch at netcogov.com
> > > PGP key:
> > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 
> > >
> > >
> > > -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Bazan
> > > Sent: Thursday, January 13, 2005 3:23 PM
> > > To: cisco-nsp at puck.nether.net
> > > Subject: [c-nsp] cisco 3750 arp timeout
> > >
> > > I've got a number of interfaces on one of my 3750's (IOS 
> 12.1(11)AX
> > > SMI) that I've set the arp timeout to be one second.  However, the
> > > entries in the arp cache continue to show up until the default arp
> > > timeout has been reached.  It was my understanding that 
> setting the
> > > arp timeout per interface to 1 would clear these entries after 1
> > > second.  Am I misunderstanding how this command works?  If so, is
> > > there a command to remove entries from the arp cache after 1
> > > second?  Thanks,
> > >
> > >   Matt
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/ 
> > 
> > 
> > -----BEGIN PGP SIGNATURE-----
> > Version: PGP 8.1
> > 
> > iQA/AwUBQebyks6DimsZpmH4EQJZxQCffOhvudUKeWLCX1HQnyLaZv0U22wAn3qm
> > xT6jWknLf+Aoi9uV+5yN4Xrc
> > =ym4x
> > -----END PGP SIGNATURE-----
> >  
> > 
>

More information about the cisco-nsp mailing list