[c-nsp] cisco 3750 arp timeout

Rodney Dunn rodunn at cisco.com
Fri Jan 14 08:24:57 EST 2005


Remember when you do a clear arp we send a unicast
arp request for any mac we have in the table.

Therefore any device downstream would see
a packet to learn the mac/port mapping for
both the forward and reverse direction.

Make sure the CEF adjacency is correct also.

sh adj detail

Rodney


On Thu, Jan 13, 2005 at 04:45:34PM -0800, Matt Bazan wrote:
> Well, it's a bit of a strange one for me.  I'll have to run some more
> tests off hours to be sure, but here's what I'm seeing so far:
> 
> On these L3 switches we have two VLANs 192.168.50.0/24 and
> 10.30.50.0/24.  Clusters are on the 10.30.50.0 VLAN.  When the resources
> roll, I need clients from the 192.168.50.0 net to reach the cluster but
> they're not able to (before resources roll no problem).
> 
> After rolling, packets get from the 192.168.50.XXX clients to
> 192.168.50.1 (the svi of the VLAN) and from there I'm not sure where
> they're going as I don't have a sniffer setup.
> 
> The arp cache on the switch looks good after a roll (the proper IPs are
> mapped to the new MACs, on the right ports) but still no go from the
> 192.168.50 sub.  At first I was thinking the grat arps were not
> populating the arp cache used by the 192.168.50.1 svi but these VLANs
> are on the same switch and therefore would use the same cache.  If I do
> a 'clear arp-cache' everything is fine, even though the arp cache is the
> same once it gets re-populated.
> 
>   Matt
> 
> > -----Original Message-----
> > From: Church, Chuck [mailto:cchurch at netcogov.com] 
> > Sent: Thursday, January 13, 2005 4:31 PM
> > To: Matt Bazan; rocrowe at cisco.com; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > 
> > Would disabling proxy-arp on that VLAN make a difference?  I'm thinking
> > that if the MAC for the required IP changes, you wouldn't want the
> > router still 'helping' and giving out the old MAC.  Or is the router the
> > only device these two servers are talking to, layer-3-wise?  Anyway, it
> > seems like there'd have to be a MS solution to it as well.  A Windoze
> > machine isn't going to have an ARP timeout of 1 second either.  Seems
> > like a client sitting on the same VLAN as the cluster would have the
> > same issue.
> > 
> > 
> > Chuck Church
> > Lead Design Engineer
> > CCIE #8776, MCNE, MCSE
> > Netco Government Services - Design & Implementation Team
> > 1210 N. Parker Rd.
> > Greenville, SC 29609
> > Home office: 864-335-9473
> > Cell: 703-819-3495
> > cchurch at netcogov.com
> > PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 
> > 
> > 
> > -----Original Message-----
> > From: Matt Bazan [mailto:Mbazan at onelegal.com] 
> > Sent: Thursday, January 13, 2005 5:16 PM
> > To: rocrowe at cisco.com; Church, Chuck; cisco-nsp at puck.nether.net
> > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > 
> > This is what I'm seeing too Robert.  If I roll the resources I'm unable
> > to connect to virt servers.  If I then do a 'clear arp-cache' I'm able
> > to connect fine.  I'll do some more investigating on the M$ side of
> > things to see if they've got an easier work around than the one you
> > mentioned.  Thanks,
> > 
> >   Matt 
> > 
> > > -----Original Message-----
> > > From: Robert Crowe [mailto:rocrowe at cisco.com] 
> > > Sent: Thursday, January 13, 2005 2:14 PM
> > > To: Matt Bazan; 'Church, Chuck'; cisco-nsp at puck.nether.net
> > > Cc: rocrowe at cisco.com
> > > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > > 
> > >  
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > Matt,
> > > 
> > >         I believe I ran into the same issue you're talking about awhile
> > > back when I was doing systems work. Our issue was with pairs of
> > > servers running Win2k Advanced Server and Microsoft clustering. The
> > > storage was EMC. It ended up being the way Microsoft clustering sends
> > > the gratuitous arp. One way to tell is to failover the services and
> > > immediately do "clear arp" on the switches they are plugged into. We
> > > ended up writing a script that would snmp poll the virtual address for
> > > the hostname of the box. When a failover occurred the hostname would
> > > change and the script would telnet to the 2 switches and clear the
> > > arp entries.
> > > 
> > > 
> > > - -
> > > Robert Crowe
> > > 
> > > 
> > > 
> > > - -----Original Message-----
> > > From: cisco-nsp-bounces at puck.nether.net
> > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Bazan
> > > Sent: Thursday, January 13, 2005 4:49 PM
> > > To: Church, Chuck; cisco-nsp at puck.nether.net
> > > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > > 
> > > Hi Chuck,
> > >         In this particular case I've got two 3750's in a stack and
> > > several MS clusters attached (one cluster node plugs into stack
> > > member 1, the other node into member 2) and I'm having communication
> > > problems reaching the cluster virtual servers when I 'roll' the
> > > resources over from one node in the cluster to the other.  One of my
> > > theories is that the stack could be having problems with the grat
> > > arps it's getting from the MS cluster.
> > > 
> > >         As these systems are in our data center I'll have to wait
> > > till the next time I'm over there to put a sniffer on the wire to see
> > > if I can glean more info.
> > > 
> > >         In the meantime, to attempt to rule out a grat arp issue, I
> > > was trying to get the ciscos to not cache the cluster's virt server
> > > IP and associated MAC. 
> > > 
> > >   Matt
> > > 
> > > > -----Original Message-----
> > > > From: Church, Chuck [mailto:cchurch at netcogov.com]
> > > > Sent: Thursday, January 13, 2005 1:19 PM
> > > > To: Matt Bazan; cisco-nsp at puck.nether.net
> > > > Subject: RE: [c-nsp] cisco 3750 arp timeout
> > > >
> > > > Matt,
> > > >
> > > >       On a side note, why are you trying to do this?  Rodney
> > > > mentioned the CEF issue.  Are you trying to speed up HSRP/VRRP or
> > > > something along those lines?  Just curious...
> > > >
> > > >
> > > > Chuck Church
> > > > Lead Design Engineer
> > > > CCIE #8776, MCNE, MCSE
> > > > Netco Government Services - Design & Implementation Team 1210 N.
> > > > Parker Rd.
> > > > Greenville, SC 29609
> > > > Home office: 864-335-9473
> > > > Cell: 703-819-3495
> > > > cchurch at netcogov.com
> > > > PGP key:
> > > > http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D 
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: cisco-nsp-bounces at puck.nether.net
> > > > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Matt Bazan
> > > > Sent: Thursday, January 13, 2005 3:23 PM
> > > > To: cisco-nsp at puck.nether.net
> > > > Subject: [c-nsp] cisco 3750 arp timeout
> > > >
> > > > I've got a number of interfaces on one of my 3750's (IOS 12.1(11)AX
> > > > SMI) that I've set the arp timeout to be one second.  However, the
> > > > entries in the arp cache continue to show up until the default arp
> > > > timeout has been reached.  It was my understanding that setting the
> > > > arp timeout per interface to 1 would clear these entries after 1
> > > > second.  Am I misunderstanding how this command works?  If so, is
> > > > there a command to remove entries from the arp cache after 1
> > > > second?  Thanks,
> > > >
> > > >   Matt
> > > >
> > > > _______________________________________________
> > > > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > > >
> > > 
> > > 
> > > 
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: PGP 8.1
> > > 
> > > iQA/AwUBQebyks6DimsZpmH4EQJZxQCffOhvudUKeWLCX1HQnyLaZv0U22wAn3qm
> > > xT6jWknLf+Aoi9uV+5yN4Xrc
> > > =ym4x
> > > -----END PGP SIGNATURE-----
> > >  
> > > 
> > 
> 

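As an added illustration (not part of the thread and not any poster's script): a small Python parser for what a sniffer on the cluster VLAN would need to show around a failover, namely whether a gratuitous ARP for the virtual IP was sent, in which form (request or reply, broadcast or unicast), and which MAC it replaced. The MAC addresses, the virtual IP 10.30.50.20 and the gateway 10.30.50.1 are constructed sample values; only the 10.30.50.0/24 subnet comes from the thread, and 802.1Q-tagged frames are assumed absent.

```python
import struct

BROADCAST = b"\xff" * 6

def parse_arp(frame):
    """Decode an untagged Ethernet/IPv4 ARP frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    spa, tpa = frame[28:32], frame[38:42]
    return {
        "op": {1: "request", 2: "reply"}.get(op, str(op)),
        "broadcast": frame[0:6] == BROADCAST,
        "sha": frame[22:28].hex(":"),          # sender hardware address
        "spa": ".".join(map(str, spa)),        # sender protocol (IP) address
        "gratuitous": spa == tpa,              # sender announces its own IP
    }

def track_bindings(frames):
    """Replay frames in capture order; list each gratuitous ARP with the MAC it replaced."""
    table, events = {}, []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        if arp["gratuitous"]:
            events.append((arp["spa"], table.get(arp["spa"]), arp["sha"],
                           arp["op"], arp["broadcast"]))
        table[arp["spa"]] = arp["sha"]
    return events

def build(dst, src, op, sha, spa, tha, tpa):
    """Assemble a constructed sample frame (all addresses are made up for this example)."""
    pack_ip = lambda s: bytes(int(x) for x in s.split("."))
    return (dst + src + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + sha + pack_ip(spa) + tha + pack_ip(tpa))

NODE_A, NODE_B = bytes.fromhex("02000000000a"), bytes.fromhex("02000000000b")
SVI = bytes.fromhex("020000000001")
SAMPLE = [
    # Before failover: node A answers the switch's ARP request for the virtual IP.
    build(SVI, NODE_A, 2, NODE_A, "10.30.50.20", SVI, "10.30.50.1"),
    # After failover: node B broadcasts a gratuitous ARP for the same IP.
    build(BROADCAST, NODE_B, 1, NODE_B, "10.30.50.20", bytes(6), "10.30.50.20"),
]

print(track_bindings(SAMPLE))
```

An empty result after a failover means no gratuitous ARP reached the capture point; a result whose old and new MACs differ shows the announcement was sent, which moves the investigation to how the switch handled it.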
