03-05-2010 01:45 AM - edited 03-04-2019 07:42 AM
Hi guys
last night we had an issue with one of our servers, basically I have 2 core switches using vrrp, we have remote sites that come into the office, this traffic then hits the core switches, then to the server. what was happening is that everything on the lan locally on the core seems ok on the active router, but the wan traffic comes into the backup master router. The server is a cluster and has an alias address, from the wan we can ping the real addresses but not the alias, but from the lans locally it seems fine. One thing I noticed is that the alias arp entry was missing from one of the core routers, the one where it comes in from the wan.
The only way I got it working was to run a ping from the core switch to the server, this then put the arp entry back in the cache. but when I ping from the wan its almost like its not arping!!
any ideas why this is happening ?
cheers
Carl
03-05-2010 02:53 AM
Hello Carl,
was the ARP entry missing on VRRP master or on VRRP standby core switch?
traffic in each direction can use a different path and this is not a problem unless there is a FW on path that worries about this.
if traffic from server was sent to VRRP master this is expected.
the other core switch has an ARP entry if it has talked to the host in last 4 hours.
The problem I see is that someone should answer the ARP request to find out the MAC address for the alias.
if I've understood you correctly the problem is related to the alias not to the real server IP address.
a possible fixup could be the use of a static ARP entry
conf t
arp alias-ipaddress xxxx.yyyy.zzzz arpa
Hope to help
Giuseppe
03-05-2010 03:22 AM
Does the virtual server use Microsoft NLB (Network Load Balancing)? If so, you will need a static ARP entry in the routers.
Kevin Dorrell
Luxembourg
03-05-2010 03:58 AM
hi there
the servers are in different rooms in a cluster, and on this site they are some Nortel Passports (not cisco i know :-) , i have tried to add the static arp entry on them but it looks liek you have to assign it to a layer 3 port, you cant add them using a L3 vlan, I wonder why this is...
cheers
03-05-2010 04:01 AM
Hello Carl,
the static ARP has to be added on device on destination subnet not on routers that are on remote sites
Hope to help
Giuseppe
03-05-2010 04:06 AM
Hi Guislar
Yes I know this, the central router as the Nortel passport, it wont let me add them unless the interface is L3, I think my only option is the turn off the backup master function on my vrrp backup, Nortel have a feature where the Backup master can also route if the traffic hits there first, this shoudl resolve the issue!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide