[c-nsp] Learning a Multicast Ethernet for Unicast IP via ARP
Crist Clark
Crist.Clark at globalstar.com
Fri Oct 17 18:00:12 EDT 2008
I'm having a problem with a Check Point firewall cluster and
a Cisco router. The cluster is operating in "multicast load
sharing mode." In this mode, the unicast IP address of the
cluster is associated with all cluster machines by handing
out a multicast Ethernet address when the cluster gets an
ARP request for the address.
In a lab setup, I have a Cisco 851 connected to my two firewall
machines in the cluster. However, the Cisco router seems to
ignore the ARP responses containing the multicast Ethernet
address. If I sniff the connection between the two,
13:33:41.633395 arp who-has 192.168.111.42 tell 192.168.111.41
13:33:41.633403 arp reply 192.168.111.42 is-at 1:0:5e:28:6f:2a
13:33:44.462616 arp who-has 192.168.111.42 tell 192.168.111.41
13:33:44.462622 arp reply 192.168.111.42 is-at 1:0:5e:28:6f:2a
192.168.111.41 is the router. 192.168.111.42 is the firewall.
I've run,
#debug arp
On the router, and nothing interesting. I see it sending the ARP
requests, but it never mentions anything about seeing the responses.
If I add a static ARP entry,
#arp 192.168.111.42 0100.5e28.6f2a ARPA
Everything works fine.
Is there a way to tell the router to accept the ARP responses or
is the static entry the best option?
More information about the cisco-nsp
mailing list