[j-nsp] Odd issue with ARP in different subnet

Chris Adams cmadams at hiwaay.net
Wed Mar 9 10:43:43 EST 2011


I have run into an odd issue with ARP on an EX switch that I think is a
bug in JUNOS, but I wanted to see what others thought before I tried
JTAC (maybe I'm missing something).

I have an EX2200 switch that cannot talk to one of my recursive DNS
servers.  The switch is in subnet a.b.c.0/27, while the DNS IP is in
x.y.z.0/29.  The DNS IP is anycasted, and the primary server serving it
is in the same a.b.c.0/27 subnet as the switch (the DNS IP is a
secondary IP on the same interface).

When the switch tries to reach the DNS IP, it sends the packet to the
default router.  The router sends it to the server, and the server sends
an ARP request for the switch's IP.  The sending IP address in the ARP
request is the DNS IP.  As far as I can tell, JUNOS doesn't send a
response to the ARP request.

I'm guessing that it isn't sending a response because the sending IP is
in a different subnet, but as far as I can tell from reading the ARP RFC
(826), that is not supposed to figure into an ARP response.

The DNS server is Linux, and I can see Linux will respond to
out-of-subnet ARP requests.  I also have an old Cisco switch in the same
subnet, and it also responds to out-of-subnet ARP requests.

If I ping the switch from the Linux server, the ARP request goes out
with the IP in the same subnet, the switch responds, the Linux server
gets an ARP cache entry, and communication works both ways for all IPs
until the ARP cache entry expires on the Linux side.

-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
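
Added example, not part of the original post: a sketch of the RFC 826 packet-reception steps beside a hypothetical variant that drops requests whose sender IP lies outside the interface subnet (the behaviour the post guesses at, not confirmed JUNOS behaviour). All addresses and MACs are constructed; 192.0.2.0/27 and 198.51.100.0/29 stand in for a.b.c.0/27 and x.y.z.0/29, and the function and flag names are assumptions.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"            # Ethernet/IPv4 ARP payload, 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """Pack an ARP payload: sender/target hardware and protocol addresses."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha,
                       ipaddress.IPv4Address(spa).packed, tha,
                       ipaddress.IPv4Address(tpa).packed)

def parse_arp(pkt):
    hrd, pro, hln, pln, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    return (hrd, pro, hln, pln, op, sha, ipaddress.IPv4Address(spa),
            tha, ipaddress.IPv4Address(tpa))

def handle_arp(pkt, iface, my_mac, cache, strict_sender_subnet=False):
    """Return the ARP reply payload, or None when no reply is sent."""
    hrd, pro, hln, pln, op, sha, spa, tha, tpa = parse_arp(pkt)
    if (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        return None
    # Hypothetical extra check (not in RFC 826): ignore senders outside our subnet.
    if strict_sender_subnet and spa not in iface.network:
        return None
    merged = spa in cache             # RFC 826: refresh an existing entry first
    if merged:
        cache[spa] = sha
    if tpa != iface.ip:               # "Am I the target protocol address?"
        return None
    if not merged:
        cache[spa] = sha              # learn the sender, whatever its subnet
    if op != REQUEST:
        return None
    # Swap roles: we become the sender, the requester becomes the target.
    return build_arp(REPLY, my_mac, tpa, sha, spa)

# Constructed sample data (documentation address ranges, locally administered MACs).
SWITCH = ipaddress.IPv4Interface("192.0.2.10/27")
SWITCH_MAC = bytes.fromhex("020000000010")
SERVER_MAC = bytes.fromhex("020000000020")
REQ_FROM_DNS_IP = build_arp(REQUEST, SERVER_MAC, "198.51.100.1", bytes(6), "192.0.2.10")
REQ_FROM_PRIMARY = build_arp(REQUEST, SERVER_MAC, "192.0.2.20", bytes(6), "192.0.2.10")

if __name__ == "__main__":
    for name, req in (("DNS IP", REQ_FROM_DNS_IP), ("primary IP", REQ_FROM_PRIMARY)):
        for strict in (False, True):
            sent = handle_arp(req, SWITCH, SWITCH_MAC, {}, strict) is not None
            print(f"sender={name:10} strict={strict!s:5} reply_sent={sent}")
```

Only the request sourced from the out-of-subnet address is treated differently by the two variants, which matches the symptom described: pinging from the in-subnet address gets a reply.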

