[j-nsp] Weird ARP issue

Luca Salvatore Luca at ninefold.com
Wed Jan 30 22:30:02 EST 2013


I haven't touched any ARP config, it's just the defaults.

The plot thickens:

I did some port-mirroring: when I send traffic on port 80 to the VM, the switch will generate an ARP request.
Same if I do a ping, I see an ARP request.

However for SSH traffic, the switch never generates an ARP request so the traffic never gets to the end host.

Luca

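One way to check a port-mirror capture for the pattern described above (an ARP request following ping and port 80 traffic but not SSH), as an added example that is not part of the thread: it assumes the mirrored frames have already been decoded into the `Frame` records below and uses a constructed sample rather than real capture data.

```python
"""Check a decoded port-mirror capture: for every new unicast flow toward a host,
was an ARP request for that host seen shortly afterwards?"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    ts: float        # capture timestamp in seconds
    kind: str        # "arp_req" or "ip"
    dst_ip: str      # target IP (ARP) or destination IP (IP packet)
    proto: str = ""  # "tcp", "udp" or "icmp" when kind == "ip"
    dport: int = 0   # destination port, 0 when not applicable


def arp_coverage(frames, window=5.0):
    """Map each first-seen flow (dst_ip, proto, dport) to True if an ARP request
    for dst_ip appears within `window` seconds of the flow's first packet."""
    arp_times = defaultdict(list)
    for f in frames:
        if f.kind == "arp_req":
            arp_times[f.dst_ip].append(f.ts)
    coverage = {}
    for f in sorted(frames, key=lambda x: x.ts):
        if f.kind != "ip":
            continue
        key = (f.dst_ip, f.proto, f.dport)
        if key in coverage:
            continue  # only the first packet of a flow should trigger ARP
        coverage[key] = any(f.ts <= t <= f.ts + window for t in arp_times[f.dst_ip])
    return coverage


def unresolved_flows(frames, window=5.0):
    """Flows whose destination was never ARPed for: the SSH symptom from the thread."""
    return sorted(k for k, ok in arp_coverage(frames, window).items() if not ok)


# Constructed sample mirroring the reported behaviour (not real capture data):
SAMPLE = [
    Frame(0.00, "ip", "10.0.0.5", "tcp", 22),   # SSH SYN: no ARP follows
    Frame(0.50, "ip", "10.0.0.5", "tcp", 22),   # SSH retransmit
    Frame(10.00, "ip", "10.0.0.5", "tcp", 80),  # HTTP SYN
    Frame(10.05, "arp_req", "10.0.0.5"),        # switch ARPs for the VM
    Frame(20.00, "ip", "10.0.0.5", "icmp"),     # ping
    Frame(20.02, "arp_req", "10.0.0.5"),
]

if __name__ == "__main__":
    for flow, ok in arp_coverage(SAMPLE).items():
        print(flow, "ARP seen" if ok else "NO ARP")
```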

From: Payam Chychi [mailto:pchychi at gmail.com]
Sent: Thursday, 31 January 2013 1:48 PM
To: Luca Salvatore
Subject: Re: [j-nsp] Weird ARP issue

What does your ARP setup look like? I recall something about Juniper handling ARP differently depending on whether you have ARP proxy enabled.

--
Payam Chychi
Network Engineer / Security Specialist


On Wednesday, 30 January, 2013 at 4:54 PM, Luca Salvatore wrote:
Yes it must be the server... the switch doesn't care what type of traffic it is.
The XenServers are running Open VSwitch though

Luca


-----Original Message-----
From: Aaron Dewell [mailto:aaron.dewell at gmail.com]
Sent: Thursday, 31 January 2013 11:50 AM
To: Luca Salvatore
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Weird ARP issue


Sounds like a Xen bridge issue, but I have no definitive experience or reason other than that's the only thing in the path which might block it. Strange that it would pass an arp for a ping but not for SSH. Should be the same arp off the switch either way.

On Jan 30, 2013, at 5:41 PM, Luca Salvatore wrote:
I have a very strange problem that may or may not be related to my switch, but I'm running out of ideas.


I have an EX4200 switch running 11.4R2.14. The EX has a bunch of VLANs and is doing some basic routing using the L3 VLAN interfaces.
Connected to this switch are some servers running XenServer with a bunch of VMs.

Now, the issue I'm seeing is:
When I try to SSH to a VM running on the XenServers I don't get any connection.
If I then send a ping to the VM my SSH connection works.

What I see happening is that there is no ARP entry in the switch when I use SSH.
As soon as I send a ping, the switch sends an ARP request and gets a reply.

In other words:
When SSH is used and I do a TCP dump on the server I do not see an ARP request. But when I send a ping, I see the ARP request (from the switch) hit the server and the response comes back; the switch then has an ARP entry and everything works.

Wondering if anyone has any thoughts here?
I'm about to do a port-mirror to try and dig a bit deeper, but not really confident it will help.

Thanks
Luca.

_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

