vlan and arp cache
Gabriele Guasco
I have a problem very similar to the one described on "problem with
vlan + arp" posted on this newsgroup on Sept , 2009 but I can't
understand the answer so I kindly ask your help:
let's consider the scenario described in that post: if the arp timeout
in the router is lower than the mac address timeout in the mac
forwarding table in the switch there should be no problem because the
router will arp the dest_IP_addr and the switch will just refresh the
mac forw table when the destination host will reply to the arp,
right??
But (here is what I probably didn't undestand) in my opinion if the
arp timeout in the router is higher than the mac addr timeout in the
switch, the router will send a unicast frame (bacause he know the
correct dest_mac_adress) and the switch will forward that frame on
every port exept the source port of the frame (as far as I know the
switches do this when they don-t know where a mac address is), if this
is correct there should be no ping timeout neither is the first nor in
the second scenario; so i can't imagine a scenario in wich this
"timeout mismatch" could be a problem....but in my networdk I have the
same problem and I solve it clearing the arp-cache on the router :-).
Would someone please clarify me when the timeout mismatch can cause a
problem? Thank you very much for reading.
Gabriele
Andrey Tarasov
Welcome, time traveler! Since we are just finishing living June, 2009,
could you be so kind to post the original problem? Otherwise we will
have to wait until September before being able to answer your question.
Regards,
Andrey.
Trendkill
What is the problem occuring on? You losing pings, or complete
traffic to a particular IP? Anything unique on the boxes being
impacted, i.e. load balancing, multicast, etc? Short answer is,
perhaps there is load balancing and one of your boxes is having a
problem. and clearing arp is the only thing that is forcing the usage
of the other box in the cluster (which would have a different mac). I
agree with your overall assessment of how things should work, but I
would not be convinced that you have something in the mix that is
making it behave differently. Here is a good link from cisco in the
meantime:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00807347ab.shtml
John Agosta
"Andrey Tarasov" <and...@email.com> wrote in message
news:h1s0pf$1unh$1...@news.aha.ru...
That's pretty funny, Andrey !
Thrill5
HSRP on Routers A and B for multiple VLANs. Router A is the default
gateway for the client, so A will receive traffic from the client. Each
time a packet is received from client, the CAM table is updated. If Router
B is the default gateway for the server (or the next hop router to the VLAN
the client is on), then B will always receive traffic for the replies to the
client.. Now on router B, if the client's MAC address is not in the ARP
table, B will ARP the client. When the client responds, both the ARP and
the CAM table are updated. After the CAM table times out, the ARP entry is
still there so B will know the MAC of the client, but the MAC will not exist
in the CAM table. Router B will then flood the packet because at layer 2,
this is an unknown MAC address.
The reason setting the ARP cache timeout and the CAM timeout to the same
value fixes this problem is because when CAM table entry expires, so does
the ARP entry. The router will then ARP the client and both tables get
refreshed. The key to this problem is that both the ARP and CAM table
timeout values are reset only when a packet is received from the client, not
when one is sent to it.
It is a Cisco recommended practice to always set the ARP and CAM timeouts to
the same value when running HSRP in order to prevent this problem. There
is debate as to weather you should lower the ARP timeout or raise the CAM
timeout. I always lower the ARP timeout to match the CAM timeout, which is
300 seconds.
"Gabriele Guasco" <gabriel...@gmail.com> wrote in message
news:9f6a615c-8ffe-4c77...@e39g2000yqh.googlegroups.com...