[j-nsp] Odd issue with ARP in different subnet
Gordon Smith
gordon at gswsystems.com
Wed Mar 9 18:09:20 EST 2011
Check the default router config.
When the server sends the ARP request, the router should reply with
its own MAC address.
Does it not have a route back to the switch?
On Wed, 9 Mar 2011 09:43:43 -0600, Chris Adams wrote:
> I have run into an odd issue with ARP on an EX switch that I think is a
> bug in JUNOS, but I wanted to see what others thought before I tried
> JTAC (maybe I'm missing something).
>
> I have an EX2200 switch that cannot talk to one of my recursive DNS
> servers. The switch is in subnet a.b.c.0/27, while the DNS IP is in
> x.y.z.0/29. The DNS IP is anycasted, and the primary server serving it
> is in the same a.c.b.0/27 subnet as the switch (the DNS IP is a
> secondary IP on the same interface).
>
> When the switch tries to reach the DNS IP, it sends the packet to the
> default router. The router sends it to the server, and the server sends
> an ARP request for the switch's IP. The sending IP address in the ARP
> request is the DNS IP. As far as I can tell, JUNOS doesn't send a
> response to the ARP request.
>
> I'm guessing that it isn't sending a response because the sending IP is
> in a different subnet, but as far as I can tell from reading the ARP RFC
> (826), that is not supposed to figure into an ARP response.
>
> The DNS server is Linux, and I can see Linux will respond to
> out-of-subnet ARP requests. I also have an old Cisco switch in the same
> subnet, and it also responds to out-of-subnet ARP requests.
>
> If I ping the switch from the Linux server, the ARP request goes out
> with the IP in the same subnet, the switch responds, the Linux server
> gets an ARP cache entry, and communication works both ways for all IPs
> until the ARP cache entry expires on the Linux side.
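
An added illustration of the two behaviours the thread contrasts; it is not part of either message and is not JUNOS, Linux or Cisco code. `should_reply` applies the RFC 826 reception tests, and the hypothetical `strict_sender_check` flag models the sender-subnet filter the original poster guesses at (the thread does not establish that JUNOS does this). All addresses and the MAC are constructed from documentation ranges.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # Ethernet/IPv4 ARP body, 28 bytes (RFC 826 layout)
ARP_REQUEST = 1

def build_arp_request(sender_mac, sender_ip, target_ip):
    """Pack an ARP request with the given sender and target addresses."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REQUEST,
                       sender_mac, ipaddress.IPv4Address(sender_ip).packed,
                       b"\x00" * 6, ipaddress.IPv4Address(target_ip).packed)

def should_reply(packet, iface, strict_sender_check=False):
    """Return True if the host owning `iface` would answer this ARP packet.

    With strict_sender_check=False only the RFC 826 reception tests apply:
    hardware type, protocol type, target address, opcode.
    strict_sender_check=True adds a hypothetical rule that ignores requests
    whose sender IP lies outside the receiving interface's subnet.
    """
    size = struct.calcsize(ARP_FMT)
    if len(packet) < size:
        return False
    hrd, pro, hln, pln, op, _sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, packet[:size])
    if (hrd, pro, hln, pln) != (1, 0x0800, 6, 4):
        return False                      # not Ethernet/IPv4
    if ipaddress.IPv4Address(tpa) != iface.ip:
        return False                      # not asking for our address
    if op != ARP_REQUEST:
        return False
    if strict_sender_check and ipaddress.IPv4Address(spa) not in iface.network:
        return False                      # sender outside our subnet
    return True

# Constructed sample data (documentation address ranges, made-up MAC).
SWITCH = ipaddress.IPv4Interface("192.0.2.10/27")      # stands in for a.b.c.0/27
SERVER_MAC = bytes.fromhex("020000000005")
REQ_FROM_DNS_IP = build_arp_request(SERVER_MAC, "198.51.100.1", "192.0.2.10")
REQ_FROM_PRIMARY = build_arp_request(SERVER_MAC, "192.0.2.5", "192.0.2.10")

if __name__ == "__main__":
    for name, pkt in (("DNS IP", REQ_FROM_DNS_IP), ("primary IP", REQ_FROM_PRIMARY)):
        print(name, "rfc826:", should_reply(pkt, SWITCH),
              "strict:", should_reply(pkt, SWITCH, strict_sender_check=True))
```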