[j-nsp] Odd issue with ARP in different subnet

Gordon Smith gordon at gswsystems.com
Wed Mar 9 18:09:20 EST 2011


Check the default router config.

When the server sends the ARP request, the router should reply with
its own MAC address.
Does it not have a route back to the switch?


 On Wed, 9 Mar 2011 09:43:43 -0600, Chris Adams wrote:
> I have run into an odd issue with ARP on an EX switch that I think is a
> bug in JUNOS, but I wanted to see what others thought before I tried
> JTAC (maybe I'm missing something).
>
> I have an EX2200 switch that cannot talk to one of my recursive DNS
> servers.  The switch is in subnet a.b.c.0/27, while the DNS IP is in
> x.y.z.0/29.  The DNS IP is anycasted, and the primary server serving it
> is in the same a.c.b.0/27 subnet as the switch (the DNS IP is a
> secondary IP on the same interface).
>
> When the switch tries to reach the DNS IP, it sends the packet to the
> default router.  The router sends it to the server, and the server sends
> an ARP request for the switch's IP.  The sending IP address in the ARP
> request is the DNS IP.  As far as I can tell, JUNOS doesn't send a
> response to the ARP request.
>
> I'm guessing that it isn't sending a response because the sending IP is
> in a different subnet, but as far as I can tell from reading the ARP RFC
> (826), that is not supposed to figure into an ARP response.
>
> The DNS server is Linux, and I can see Linux will respond to
> out-of-subnet ARP requests.  I also have an old Cisco switch in the same
> subnet, and it also responds to out-of-subnet ARP requests.
>
> If I ping the switch from the Linux server, the ARP request goes out
> with the IP in the same subnet, the switch responds, the Linux server
> gets an ARP cache entry, and communication works both ways for all IPs
> until the ARP cache entry expires on the Linux side.
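
The RFC 826 packet-reception steps discussed in this thread, as an added Python example (not code from either poster or from JUNOS). With `local_net=None` the receiver follows the RFC; passing a network applies an assumed sender-subnet filter that models the behaviour suspected in the thread, not anything confirmed. The addresses and MACs are constructed documentation values standing in for a.b.c.0/27 and x.y.z.0/29.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 body for Ethernet/IPv4, 28 bytes
REQUEST, REPLY = 1, 2

def build_arp(op, sha, spa, tha, tpa):
    """Pack an Ethernet/IPv4 ARP body from MAC bytes and dotted-quad IPs."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, ip(spa), tha, ip(tpa))

def arp_receive(pkt, my_ip, my_mac, table, local_net=None):
    """RFC 826 packet reception; returns the reply bytes or None.

    local_net=None follows the RFC, which never checks the sender's subnet. Passing a
    network adds an ASSUMED filter (not in the RFC) that ignores outside senders.
    """
    if len(pkt) < 28:
        return None
    hrd, pro, hln, pln, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet/IPv4
    spa, tpa = ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)
    if local_net is not None and spa not in ipaddress.ip_network(local_net):
        return None                      # assumed out-of-subnet drop
    merge = spa in table                 # RFC 826 Merge_flag
    if merge:
        table[spa] = sha                 # refresh an existing entry
    if tpa != ipaddress.IPv4Address(my_ip):
        return None                      # we are not the target
    if not merge:
        table[spa] = sha                 # learn the sender
    if op != REQUEST:                    # RFC: only now look at the opcode
        return None
    return build_arp(REPLY, my_mac, str(tpa), sha, str(spa))

# Constructed sample values (documentation ranges, locally administered MACs).
LOCAL_NET = "192.0.2.0/27"               # stands in for a.b.c.0/27
SWITCH_IP, SWITCH_MAC = "192.0.2.10", bytes.fromhex("020000000010")
SERVER_IP, SERVER_MAC = "192.0.2.5", bytes.fromhex("020000000053")
DNS_IP = "198.51.100.1"                  # stands in for the x.y.z.0/29 anycast IP

def who_answers():
    """Replay both ARP requests from the thread against both receiver models."""
    out = {}
    for name, src in (("anycast", DNS_IP), ("primary", SERVER_IP)):
        req = build_arp(REQUEST, SERVER_MAC, src, bytes(6), SWITCH_IP)
        for model, net in (("rfc826", None), ("strict", LOCAL_NET)):
            out[(name, model)] = arp_receive(req, SWITCH_IP, SWITCH_MAC, {}, net) is not None
    return out
```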


