[j-nsp] Weird ARP issue

Huan Pham drie.huanpham at gmail.com
Thu Jan 31 03:27:29 EST 2013


Interesting finding!!! I think this is just a bug.

---

Huan Pham

On 31/01/2013, at 7:01 PM, Luca Salvatore <Luca at ninefold.com> wrote:

> It seems a routing engine filter on lo0 was the cause. The filter was only allowing SSH to/from specific addresses. Once we removed the filter, the ARPs worked and traffic flowed.
> 
> Why is the switch using the routing engine filter for transit traffic?
> 
> Sent from my iPhone
> 
> On 31/01/2013, at 3:58 PM, "Payam Chychi" <pchychi at gmail.com> wrote:
> 
> Mmm, are the MAC addresses for the host ARPing via ping different than the host that does not ARP via SSH?
> 
> If so, it might be an issue with virtual MAC addresses.
> 
> --
> Payam Chychi
> Network Engineer / Security Specialist
> 
> 
> On Wednesday, 30 January, 2013 at 7:29 PM, Luca Salvatore wrote:
> 
> I haven't touched any ARP config; it's just the defaults.
> 
> The plot thickens:
> 
> I did some port-mirroring: when I send traffic on port 80 to the VM, the switch will generate an ARP request.
> 
> Same if I do a ping, I see an ARP request.
> 
> However, for SSH traffic the switch never generates an ARP request, so the traffic never gets to the end host.
> 
> 
> 
> Luca
> 
> 
> 
> From: Payam Chychi [mailto:pchychi at gmail.com]
> Sent: Thursday, 31 January 2013 1:48 PM
> To: Luca Salvatore
> Subject: Re: [j-nsp] Weird ARP issue
> 
> 
> 
> What does your arp setup look like? I recall something about juniper handling arp differently depending on if you have arp proxy enabled
> 
> 
> 
> --
> Payam Chychi
> Network Engineer / Security Specialist
> 
> 
> 
> On Wednesday, 30 January, 2013 at 4:54 PM, Luca Salvatore wrote:
> 
> Yes it must be the server... the switch doesn't care what type of traffic it is.
> 
> The XenServers are running Open VSwitch though
> 
> 
> 
> Luca
> 
> 
> 
> 
> 
> -----Original Message-----
> 
> From: Aaron Dewell [mailto:aaron.dewell at gmail.com]
> 
> Sent: Thursday, 31 January 2013 11:50 AM
> 
> To: Luca Salvatore
> 
> Cc: juniper-nsp at puck.nether.net
> 
> Subject: Re: [j-nsp] Weird ARP issue
> 
> 
> 
> 
> 
> Sounds like a Xen bridge issue, but I have no definitive experience or reason other than that's the only thing in the path which might block it. Strange that it would pass an ARP for a ping but not for SSH. Should be the same ARP off the switch either way.
> 
> 
> 
> On Jan 30, 2013, at 5:41 PM, Luca Salvatore wrote:
> 
> I have a very strange problem that may or may not be related to my switch, but I'm running out of ideas.
> 
> I have an EX4200 switch running 11.4R2.14. The EX has a bunch of VLANs and is doing some basic routing using the L3 VLAN interfaces.
> 
> Connected to this switch are some servers running XenServer with a bunch of VMs.
> 
> Now, the issue I'm seeing is:
> 
> When I try to SSH to a VM running on the XenServers I don't get any connection.
> 
> If I then send a ping to the VM, my SSH connection works.
> 
> What I see happening is that there is no ARP entry in the switch when I use SSH.
> 
> As soon as I send a ping, the switch sends an ARP request and gets a reply.
> 
> In other words:
> 
> When SSH is used and I do a tcpdump on the server, I do not see an ARP request. But when I send a ping, I see the ARP request (from the switch) hit the server and the response comes back; the switch then has an ARP entry and everything works.
> 
> Wondering if anyone has any thoughts here?
> 
> I'm about to do a port-mirror to try and dig a bit deeper, but not really confident it will help.
> 
> 
> 
> Thanks
> 
> Luca.
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
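The thread ends with the observation that a routing-engine filter on lo0, which only accepted SSH from specific addresses, stopped the EX4200 from ARPing for transit SSH traffic. The fragment below is an added reconstruction for readers of this thread, not configuration posted by anyone in it: it shows the kind of lo0 filter described, with the implicit discard made explicit and given a counter and log so the drops can be seen before the filter is removed. The filter name `protect-re`, the counter name `re-discards` and the management range `192.0.2.0/24` are constructed placeholders. The thread itself does not explain why the lo0 filter affects transit packets; a plausible reading of the symptoms, which is an assumption here and not confirmed by the posts, is that the first packet towards an unresolved next hop is handed to the routing engine for ARP resolution and is therefore evaluated against the lo0 filter.

```junos
/* Added reconstruction (not the thread's own configuration) of a lo0
   routing-engine filter that accepts SSH only from a management range
   and discards everything else. */
firewall {
    family inet {
        filter protect-re {
            /* 192.0.2.0/24 is a constructed placeholder for the
               "specific addresses" mentioned in the thread. */
            term allow-ssh {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then accept;
            }
            /* A filter with no matching term discards silently. Making the
               discard explicit, with a counter and log, is what lets you see
               that packets needing ARP resolution are being dropped here. */
            term deny-rest {
                then {
                    count re-discards;
                    log;
                    discard;
                }
            }
        }
    }
}
interfaces {
    lo0 {
        unit 0 {
            family inet {
                filter {
                    input protect-re;
                }
            }
        }
    }
}
```

With the counter and log in place, the check is: start an SSH attempt to the VM that fails, then run `show firewall filter protect-re` and watch whether `re-discards` climbs, and `show firewall log` to see which packets hit the `deny-rest` term; `show arp no-resolve` shows whether an entry for the VM ever appears. To reproduce the thread's "remove the filter" test without losing the configuration, `deactivate interfaces lo0 unit 0 family inet filter` followed by `commit confirmed 5` takes the filter off lo0 and rolls it back automatically unless the change is confirmed. If the discards do increment for the transit flow, the lo0 filter must accept whatever the routing engine has to process on behalf of transit traffic, not just management SSH; the thread's own resolution was simply to remove it.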