[j-nsp] Weird ARP issue

[Luca Salvatore]

Yes it must be the server... the switch doesn't care what type of traffic it is.
The XenServers are running Open VSwitch though

Luca


-----Original Message-----
From: Aaron Dewell [mailto:aaron.dewell at gmail.com] 
Sent: Thursday, 31 January 2013 11:50 AM
To: Luca Salvatore
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Weird ARP issue


Sounds like a Xen bridge issue, but I have no definitive experience or reason other than that's the only thing in the path which might block it.  Strange that it would pass an arp for a ping but not for SSH.  Should be the same arp off the switch either way.

On Jan 30, 2013, at 5:41 PM, Luca Salvatore wrote:
> I have a very strange problem that may or may not be related to my switch, but I'm running out of ideas.
> 
> 
> I have a EX4200 switch running 11.4R2.14.  The EX has a bunch of VLANs and is doing some basic routing using the L3 VLAN interfaces.
> Connected to this switch is some servers running XenServer with a bunch of VMs.
> 
> Now, the issue I'm seeing is:
> When I try to SSH to a VM running on the XenServers i don't get any connection.
> If I then send a ping to the VM my SSH connection works.
> 
> What I see happening is that there is no ARP entry in the switch when I use SSH.
> As soon as I send a ping, the switch sends an ARP request and gets a reply.
> 
> In other words:
> When SSH is used and I do a TCP dump on the server I do not see an ARP 
> request But when I send a ping, I see the ARP request (from the switch) hit the server and the response comes back, the switch the has an ARP entry and everything works.
> 
> Wondering if anyone has any thoughts here?
> I'm about to do a port-mirror to try and dig a bit deeper, but not really confident it will help.
> 
> Thanks
> Luca.
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp