ACE arp table issue

Answered Question
Nov 14th, 2007

I have a problem with arp in a context in the ACE

I have 7 identically configured policies, all servers are currently out of service (they are not yet live) so in turn all VIPs are out of service. However, 2 of them appear in the arp table but not the rest.

VIPs A and B appear in the arp table, but not the rest...

ACE/C1# sh arp | i VSERVER

1.1.1.13 xx.xx.xx.xx.xx.xx vlan51 VSERVER LOCAL _ up

1.1.1.15 xx.xx.xx.xx.xx.xx vlan51 VSERVER LOCAL _ up

ACE/C1# sh service-policy | i OUTOFSERVICE

VIP state: OUTOFSERVICE !A - 1.1.1.13

VIP state: OUTOFSERVICE !B - 1.1.1.15

VIP state: OUTOFSERVICE !C

VIP state: OUTOFSERVICE !D

VIP state: OUTOFSERVICE !E

VIP state: OUTOFSERVICE !F

VIP state: OUTOFSERVICE !G

policy-map multi-match VIP-A_LB_Policy

class VIP-A_VIP_Class

loadbalance vip inservice

loadbalance policy VIP-A_L7_Policy

loadbalance vip icmp-reply active

loadbalance vip advertise active

...

policy-map multi-match VIP-G_LB_Policy

class VIP-G_VIP_Class

loadbalance vip inservice

loadbalance policy VIP-G_L7_Policy

loadbalance vip icmp-reply active

loadbalance vip advertise active

It is causing problems with the client's monitoring of the VIPs.

How is this possible?

I have this problem too.
0 votes
Correct Answer by Syed Iftekhar Ahmed about 9 years 3 weeks ago

ARP entry for VSERVER is shown only if the vserver is in the same subnet as the interface, where the service-policy is applied.

Syed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
danger_mousie Wed, 11/14/2007 - 11:59

Also note: adding a static arp didn't appear in the arp table either, and removing

loadbalance vip icmp-reply active

loadbalance vip advertise active

didn't change anything either.

danger_mousie Mon, 11/19/2007 - 07:28

Please can you still help me on this...

All the VIPs are now up and running but still only 2 have an entry in the arp table. There are 7 vservers but only 2 in the arp table. They are working but I need performance to be consistent. I think it may be related to the ifmgr service going to 25% every 15 seconds too.

Is there a maximum number of Vservers that can be held in the ARP table?

Help!

Correct Answer
Syed Iftekhar Ahmed Mon, 11/19/2007 - 13:12

ARP entry for VSERVER is shown only if the vserver is in the same subnet as the interface, where the service-policy is applied.

Syed

danger_mousie Mon, 11/19/2007 - 14:19

Thanks! Increased the subnet mask in design and other interfaces, but must have missed the vlan interface on the ace. will confirm tomorrow.

danger_mousie Tue, 11/20/2007 - 05:00

Great stuff, the 7 arp entries are there now. But they are still missing on the 6509. I have checked the subnet mask there and it's correct. I've cleared the arp table for the VLAN and no chnge (naturally). Will try debug ...

danger_mousie Tue, 11/20/2007 - 05:24

broadcast goes out, the VIP arps present on the ACE don't reply to the 659 sup.

danger_mousie Sun, 11/25/2007 - 00:44

That was a great help, but before I close off this conversation, any thoughts on why the sup/6509 is still only seeing the first 2 and not the last 5. I have checked and the subnet masks are all correct now.

Gilles Dufour Tue, 11/20/2007 - 07:35

every 15 sec interface stats need to be sent to the supervisor. It takes 1.5 sec to collect those stats which is why you see an increase in CPU every 15 sec.

This is normal behavior.

Gilles.

Actions

This Discussion