[f-nsp] ARP and VRRP-E on FastIron
Chris A. Evans
caevans at olp.net
Thu Mar 3 21:53:52 EST 2016
>From the FastIron Ethernet Switch Layer 3 Routing Configuration Guide, 08.0.30:
"ARP behavior with VRRP-E
In the VRRP-E implementation, the source MAC address of the gratuitous Address Resolution
Protocol (ARP) request sent by the VRRP-E Master router is the VRRP-E virtual MAC address. When
the router (either the Master or Backup router) sends an ARP request or reply packet, the sender’s
MAC address becomes the MAC address of the interface on the router."
On Thu, Mar 03, 2016 at 07:48:13PM -0600, frnkblk at iname.com wrote:
>We turned up a feature on an access shelf downstream of our Brocade ICX6650
>stack that broke most end-user connectivity.
>We're using VRRP-E, with x.y.z.2 and x.y.z.3 as physical IPs on routers A
>and B, respectively, and x.y.z.1 as the virtual IP.
>After our vendor did some troubleshooting they shared that while the devices
>downstream of the access shelf were ARPing for the virtual IP of .1, ICX
>6650 "B" was responding to the ARP with a source IP address of .3, and the
>access shelf would (properly) discard it (it appears spoofed, of course).
>We hope to get packet capture overnight, but while that's in process, does
>anyone have insight into how it should and does work?
>According to the documentation
>l3guide/GUID-5E2D993A-C30C-4998-A98E-5B75731A2BA1.html), "When an ARP
>request packet for the virtual router IP address is received by the Backup
>router, it is forwarded to the Master router to resolve the ARP request.
>Only the Master router answers the ARP request for the virtual router IP
>address." That doesn't make it clear if the Master router (in our case, A),
>uses it's physical or virtual IP.
>foundry-nsp mailing list
>foundry-nsp at puck.nether.net
More information about the foundry-nsp