[c-nsp] Learning a Multicast Ethernet for Unicast IP via ARP
David Sinn
dsinn at dsinn.com
Fri Oct 17 18:49:05 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ignoring ARP responses that return multicast (or broadcast) MAC
addresses is required by the RFC1812 Section 3.3.2. Static ARP's are
the only options (or working on getting the RFC changed).
David
On Oct 17, 2008, at 3:00 PM, Crist Clark wrote:
> I'm having a problem with a Check Point firewall cluster and
> a Cisco router. The cluster is operating in "multicast load
> sharing mode." In this mode, the unicast IP address of the
> cluster is associated with all cluster machines by handing
> out a multicast Ethernet address when the cluster gets an
> ARP request for the address.
>
> In a lab setup, I have a Cisco 851 connected to my two firewall
> machines in the cluster. However, the Cisco router seems to
> ignore the ARP responses containing the multicast Ethernet
> address. If I sniff the connection between the two,
>
> 13:33:41.633395 arp who-has 192.168.111.42 tell 192.168.111.41
> 13:33:41.633403 arp reply 192.168.111.42 is-at 1:0:5e:28:6f:2a
> 13:33:44.462616 arp who-has 192.168.111.42 tell 192.168.111.41
> 13:33:44.462622 arp reply 192.168.111.42 is-at 1:0:5e:28:6f:2a
>
> 192.168.111.41 is the router. 192.168.111.42 is the firewall.
>
> I've run,
>
> #debug arp
>
> On the router, and nothing interesting. I see it sending the ARP
> requests, but it never mentions anything about seeing the responses.
>
> If I add a static ARP entry,
>
> #arp 192.168.111.42 0100.5e28.6f2a ARPA
>
> Everything works fine.
>
> Is there a way to tell the router to accept the ARP responses or
> is the static entry the best option?
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAkj5FmEACgkQLa9jIE3ZamPUOQCgjdZVW50mMcp7hDOIaXjNXU+Q
MVwAnj4Dp3de2lDUrNdUtGFDETHDiJwg
=vb8u
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list