
ARP reply in VRRP


ashish thakur

Oct 28, 2002, 8:23:11 AM
I have a doubt related to virtual router response for ARP request.
Consider two routers RUT1 and RUT2. If virtual router is configured
such that RUT1 is made address owner and RUT2 as backup. If an ARP
request is sent to the virtual IP address (which is now same as the
RUT1 interface address), Master (RUT1) will respond back with source
hardware address in ARP packet as the virtual router MAC address. But
now if we disable VRRP on RUT1, which will make RUT2 to become Master
and now if we send an ARP request to the virtual IP address, then will
RUT2 respond or RUT1 will respond or both?

Vincent C Jones

Oct 28, 2002, 5:03:08 PM
In article <e327ca27.02102...@posting.google.com>,

This is an invalid configuration (the owner of a VRRP address must
participate in VRRP, so forget about using this to try to mix a Cisco
and non-Cisco router on the same LAN). Assuming RUT2 is an RFC2338
compliant VRRP implementation, it will respond to ARP requests as will
RUT1. Since RUT2 will never source traffic from the RUT1 IP nor respond
to IP packets addressed to RUT1 IP other than ARP requests, you may not
see any reports from either router complaining of duplicate IP
addressing on the LAN, but any switches could get royally confused by
the duplicate MAC address and every packet leaving the LAN will be
duplicated.

Good luck and have fun!
--
Vincent C Jones, Consultant Expert advice and a helping hand
Networking Unlimited, Inc. for those who want to manage and
Tenafly, NJ Phone: 201 568-7810 control their networking destiny
http://www.networkingunlimited.com

ashish thakur

Oct 29, 2002, 1:45:10 AM
vcj...@networkingunlimited.com (Vincent C Jones) wrote in message news:<apk9ri$g9l$1...@tp600.networkingunlimited.com>...

> In article <e327ca27.02102...@posting.google.com>,
> ashish thakur <ash_t...@rediffmail.com> wrote:
> >I have a doubt related to virtual router response for ARP request.
> >Consider two routers RUT1 and RUT2. If virtual router is configured
> >such that RUT1 is made address owner and RUT2 as backup. If an ARP
> >request is sent to the virtual IP address (which is now same as the
> >RUT1 interface address), Master (RUT1) will respond back with source
> >hardware address in ARP packet as the virtual router MAC address. But
> >now if we disable VRRP on RUT1, which will make RUT2 to become Master
> >and now if we send an ARP request to the virtual IP address, then will
> >RUT2 respond or RUT1 will respond or both?
>
> This is an invalid configuration (the owner of a VRRP address must
> participate in VRRP, so forget about using this to try to mix a Cisco
> and non-Cisco router on the same LAN). Assuming RUT2 is an RFC2338
> compliant VRRP implementation, it will respond to ARP requests as will
> RUT1. Since RUT2 will never source traffic from the RUT1 IP nor respond
> to IP packets addressed to RUT1 IP other than ARP requests, you may not
> see any reports from either router complaining of duplicate IP
> addressing on the LAN, but any switches could get royally confused by
> the duplicate MAC address and every packet leaving the LAN will be
> duplicated.
>
> Good luck and have fun!


Thanks a lot for that. I think that this phenomenon can occur also
without doing an invalid configuration. If a shut-down trigger occurs
in RUT1 which will make it transition to Initialize state the above
duplication of MAC address will still be there.

Hansang Bae

Oct 29, 2002, 2:18:18 AM
In article <e327ca27.02102...@posting.google.com>,
ash_t...@rediffmail.com says...

> Thanks a lot for that. I think that this phenomenon can occur also
> without doing an invalid configuration. If a shut-down trigger occurs
> in RUT1 which will make it transition to Initialize state the above
> duplication of MAC address will still be there.

When the router fails over, it will send out a gratuitous arp to update
everyone's cache. This should take care of most scenarios.


--

hsb

"Somehow I imagined this experience would be more rewarding" Calvin
*************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
********************************************************************
Due to the volume of email that I receive, I may not be able to
reply to emails sent to my account. Please post a followup instead.
********************************************************************

ashish thakur

Oct 29, 2002, 8:13:31 AM
Hansang Bae <uo...@alp.ee.pbz> wrote in message news:<MPG.18280114d...@news-server.nyc.rr.com>...


I doubt the router sends a gratuitous ARP when it transitions to the
Initialize state. Perhaps it does send a VRRP Advertisement with
priority equal to zero.

shope

Oct 29, 2002, 3:54:44 PM
"Vincent C Jones" <vcj...@networkingunlimited.com> wrote in message
news:apk9ri$g9l$1...@tp600.networkingunlimited.com...

> In article <e327ca27.02102...@posting.google.com>,
> ashish thakur <ash_t...@rediffmail.com> wrote:
> >I have a doubt related to virtual router response for ARP request.
> >Consider two routers RUT1 and RUT2. If virtual router is configured
> >such that RUT1 is made address owner and RUT2 as backup. If an ARP
> >request is sent to the virtual IP address (which is now same as the
> >RUT1 interface address), Master (RUT1) will respond back with source
> >hardware address in ARP packet as the virtual router MAC address

I think this is not how it works (or wasn't last time I did some Sniffer
testing on Nortel VRRP routers and switches).

Any device replying to an ARP to a VRRP address - whether master or just
active owner - uses the virtual MAC address.

That may or may not be the way the standard is written, but it seems
reasonable that you want the backup to use the same MAC as the master when it
takes over. When any VRRP interface goes active it sends out a "gratuitous
ARP" for its own address, so that switches etc. will update the MAC tables
for the shared address - some older kit doesn't always work properly for
this, esp. with ATM LANE based backbones.

The standard says that the owner can respond to other packets than ARP, but
not backups when active - this lets an NMS tell when the VRRP master is down
as the PING response changes. But a lot of NMS systems get very confused in
real life. Many implementations let you set up a backup interface to respond
to PING when it is owner - otherwise you get large numbers of problems with
diagnostics from anyone who doesn't have knowledge of how it works.

In practice I try to use "all backup" VRRP interfaces at different
priorities - then I can add extra interfaces as active or standby when
altering the topology without making changes to the active kit.

Also - avoid setting up routing protocols on a master interface.

> >. But
> >now if we disable VRRP on RUT1, which will make RUT2 to become Master
> >and now if we send an ARP request to the virtual IP address, then will
> >RUT2 respond or RUT1 will respond or both?
>
> This is an invalid configuration (the owner of a VRRP address must
> participate in VRRP, so forget about using this to try to mix a Cisco
> and non-Cisco router on the same LAN). Assuming RUT2 is an RFC2338
> compliant VRRP implementation, it will respond to ARP requests as will
> RUT1. Since RUT2 will never source traffic from the RUT1 IP nor respond
> to IP packets addressed to RUT1 IP other than ARP requests, you may not
> see any reports from either router complaining of duplicate IP
> addressing on the LAN, but any switches could get royally confused by
> the duplicate MAC address and every packet leaving the LAN will be
> duplicated.
>
> Good luck and have fun!
> --
> Vincent C Jones, Consultant Expert advice and a helping hand
> Networking Unlimited, Inc. for those who want to manage and
> Tenafly, NJ Phone: 201 568-7810 control their networking destiny
> http://www.networkingunlimited.com

--
Good luck

Stephen Hope - remove xx from address.


James Kilton

Oct 29, 2002, 8:10:41 PM
On 29 Oct 2002 05:13:31 -0800, ash_t...@rediffmail.com (ashish thakur) wrote:
>
>I doubt the router sends a gratuitous ARP when it transitions to the
>Initialize state. Perhaps it does send a VRRP Advertisement with
>priority equal to zero.

Why would you doubt it? It makes perfect sense to do so... This is
what HSRP does.

Vincent C Jones

Oct 29, 2002, 9:49:03 PM
In article <e327ca27.02102...@posting.google.com>,
ashish thakur <ash_t...@rediffmail.com> wrote:
>> This is an invalid configuration (the owner of a VRRP address must
>> participate in VRRP, so forget about using this to try to mix a Cisco
>> and non-Cisco router on the same LAN). Assuming RUT2 is an RFC2338
>
>Thanks a lot for that. I think that this phenomenon can occur also
>without doing an invalid configuration. If a shut-down trigger occurs
>in RUT1 which will make it transition to Initialize state the above
>duplication of MAC address will still be there.

Sounds like you are using a Unix box for a router. Adjust your init
scripts so VRRP is not shut down until the interfaces it is running on
are shut down. If this is a commercial router, complain to the vendor to
get it fixed.

Keep in mind that as long as routing is shut down and nothing is being
transmitted out the LAN interface, the duplicate MAC address is merely
an annoyance. Also keep in mind that you want to shut down VRRP before
you shut down routing, or the box turns into a black hole until the
standby kicks in. You need to decide whether duplicate or lost packets
is the greater evil :-)

Vincent C Jones

Oct 29, 2002, 9:49:04 PM
In article <e7curuola97rphkv4...@4ax.com>,

Huh?? The HSRP router transitioning into active state sends the
gratuitous ARP, not the router doing the resigning.

Hansang Bae

Oct 29, 2002, 9:53:54 PM
In article <apnft0$ifb$1...@tp600.networkingunlimited.com>,
vcj...@networkingunlimited.com says...

> Huh?? The HSRP router transitioning into active state sends the
> gratuitous ARP, not the router doing the resigning.

But only if you use "standby use-bia" right? HSRP doesn't need to use G.A.
since it uses a virtual mac address as well as a virtual IP address.

Vincent C Jones

Oct 29, 2002, 10:28:19 PM
In article <MPG.18291410a...@news-server.nyc.rr.com>,
Hansang Bae <uo...@alp.ee.pbz> wrote:
>In article <apnft0$ifb$1...@tp600.networkingunlimited.com>,
>vcj...@networkingunlimited.com says...
>> Huh?? The HSRP router transitioning into active state sends the
>> gratuitous ARP, not the router doing the resigning.
>
>But only if you use "standby use-bia" right? HSRP doesn't need to use G.A.
>since it uses a virtual mac address as well as a virtual IP address.
>
>hsb

The gratuitous ARP is required so that switches can learn the new
location of the HSRP MAC address. VRRP does the same thing for the same
reason.

Hansang Bae

Oct 29, 2002, 11:56:30 PM
In article <apnjar$imd$1...@tp600.networkingunlimited.com>,
vcj...@networkingunlimited.com says...

> The gratuitous ARP is required so that switches can learn the new
> location of the HSRP MAC address. VRRP does the same thing for the same
> reason.

I would've thought it would just relearn it. I don't recall seeing GAs,
when HSRP failed over. But then again, I wasn't looking for it either.

Thanks

shope

Oct 30, 2002, 3:52:24 AM
"Vincent C Jones" <vcj...@networkingunlimited.com> wrote in message
news:apnfob$ieq$1...@tp600.networkingunlimited.com...

> In article <e327ca27.02102...@posting.google.com>,
> ashish thakur <ash_t...@rediffmail.com> wrote:
> >> This is an invalid configuration (the owner of a VRRP address must
> >> participate in VRRP, so forget about using this to try to mix a Cisco
> >> and non-Cisco router on the same LAN). Assuming RUT2 is an RFC2338
> >
> >Thanks a lot for that. I think that this phenomenon can occur also
> >without doing an invalid configuration. If a shut-down trigger occurs
> >in RUT1 which will make it transition to Initialize state the above
> >duplication of MAC address will still be there.
>
> Sounds like you are using a Unix box for a router. Adjust your init
> scripts so VRRP is not shut down until the interfaces it is running on
> are shut down. If this is a commercial router, complain to the vendor to
> get it fixed.
>
> Keep in mind that as long as routing is shut down and nothing is being
> transmitted out the LAN interface, the duplicate MAC address is merely
> an annoyance. Also keep in mind that you want to shut down VRRP before
> you shut down routing, or the box turns into a black hole until the
> standby kicks in. You need to decide whether duplicate or lost packets
> is the greater evil :-)

Vincent - the black hole argument is true as far as it goes - but with
default VRRP parameters you only lose the default gateway for 3 seconds - so
in practice this has not been a big issue. Also I thought that the standard
provides for a graceful shutdown mechanism?

Since any backup routers can still send packets into the VRRP subnet while
in backup mode, you only lose traffic in 1 direction for that 3 seconds.

>
> --
> Vincent C Jones, Consultant Expert advice and a helping hand
> Networking Unlimited, Inc. for those who want to manage and
> Tenafly, NJ Phone: 201 568-7810 control their networking destiny
> http://www.networkingunlimited.com

ashish thakur

Oct 30, 2002, 7:23:17 AM
"shope" <stephe...@ntlworld.xx.com> wrote in message news:<zFCv9.2977$uP2....@newsfep1-gui.server.ntli.net>...

It now seems that if we do not allow configuring of a shut-down trigger
for the address owner, then this might solve the problem.

Barry Margolin

Oct 30, 2002, 10:41:57 AM
In article <MPG.182930cc2...@news-server.nyc.rr.com>,
Hansang Bae <uo...@alp.ee.pbz> wrote:
>In article <apnjar$imd$1...@tp600.networkingunlimited.com>,
>vcj...@networkingunlimited.com says...
>> The gratuitous ARP is required so that switches can learn the new
>> location of the HSRP MAC address. VRRP does the same thing for the same
>> reason.
>
>I would've thought it would just relearn it.

How would it do that? Switches only learn the location of a MAC address
when they see something with that *source* address. Routers don't usually
send anything from the virtual MAC or IP address; when they send traffic,
it's always from their real address. The exception is when they're
responding to ARP for the virtual IP.

--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
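
Added illustration, not part of any message in this thread: a minimal learning-switch model in Python showing why a gratuitous ARP sourced from the virtual MAC is needed after failover, and what a switch sees when two routers both answer ARP from that MAC. The port numbers, the host MAC and the function names are assumptions made for this sketch.

```python
# Added illustration: a minimal learning switch for the two cases discussed in the thread.
# Port numbers, HOST and the helper names are assumptions for this sketch.
VMAC = "00:00:5e:00:01:01"   # VRRP virtual MAC for VRID 1 (00-00-5E-00-01-{VRID}, RFC 2338)
HOST = "02:00:00:00:00:aa"   # constructed host MAC (locally administered)
BROADCAST = "ff:ff:ff:ff:ff:ff"
RUT1_PORT, RUT2_PORT, HOST_PORT = 1, 2, 3


class LearningSwitch:
    """Learns MAC locations from frame *source* addresses only; no ageing."""

    def __init__(self):
        self.table = {}   # MAC -> port it was last seen on
        self.moves = {}   # MAC -> how many times it changed port

    def receive(self, in_port, src, dst):
        """Process one frame; return the egress port, or 'flood' if dst is unknown."""
        known = self.table.get(src)
        if known is not None and known != in_port:
            self.moves[src] = self.moves.get(src, 0) + 1
        self.table[src] = in_port
        return self.table.get(dst, "flood")


def egress_after_failover(gratuitous_arp):
    """Port used for host -> gateway traffic once RUT2 has taken over from RUT1."""
    sw = LearningSwitch()
    sw.receive(RUT1_PORT, VMAC, HOST)            # RUT1, as master, answers ARP from VMAC
    if gratuitous_arp:                           # new master announces itself from VMAC
        sw.receive(RUT2_PORT, VMAC, BROADCAST)
    return sw.receive(HOST_PORT, HOST, VMAC)     # host sends to its default gateway


def vmac_moves_when_both_answer(arp_requests):
    """Port changes logged for VMAC when RUT1 and RUT2 both reply to every ARP request."""
    sw = LearningSwitch()
    for _ in range(arp_requests):
        sw.receive(RUT1_PORT, VMAC, HOST)
        sw.receive(RUT2_PORT, VMAC, HOST)
    return sw.moves.get(VMAC, 0)


if __name__ == "__main__":
    print("no gratuitous ARP   ->", egress_after_failover(False))  # stale entry: RUT1's port
    print("with gratuitous ARP ->", egress_after_failover(True))
    print("VMAC moves, 3 requests ->", vmac_moves_when_both_answer(3))
```

A climbing move count for the virtual MAC is the symptom to look for in a switch's MAC-flap logs when two routers answer for the same address; real switches also age entries out, which this sketch omits.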

James Kilton

Oct 30, 2002, 7:43:22 PM
On Wed, 30 Oct 2002 02:49:04 GMT, vcj...@networkingunlimited.com
(Vincent C Jones) wrote:

>In article <e7curuola97rphkv4...@4ax.com>,
>James Kilton <kil...@yahoo.com> wrote:
>>On 29 Oct 2002 05:13:31 -0800, ash_t...@rediffmail.com (ashish
>>thakur) wrote:
>>>
>>>I doubt the router sends a gratuitous ARP when it transitions to the
>>>Initialize state. Perhaps it does send a VRRP Advertisement with
>>>priority equal to zero.
>>
>>Why would you doubt it? It makes perfect sense to do so... This is
>>what HSRP does.
>
>Huh?? The HSRP router transitioning into active state sends the
>gratuitous ARP, not the router doing the resigning.

I thought that's what he was referring to... Missed the word
'initialize'.

Hansang Bae

Oct 30, 2002, 10:59:19 PM
[snip: switch learning HSRP virtual mac addr]

> Hansang Bae <uo...@alp.ee.pbz> wrote:
> >I would've thought it would just relearn it.


In article <95Tv9.3$mJ3...@paloalto-snr1.gtei.net>, bar...@genuity.net
says...


> How would it do that? Switches only learn the location of a MAC address
> when they see something with that *source* address. Routers don't usually
> send anything from the virtual MAC or IP address; when they send traffic,
> it's always from their real address. The exception is when they're
> responding to ARP for the virtual IP.


Doh! again. Boy, I'm doing really good this week!
