Hi Gillies,

Thank you for your reply!

I have UNIX based box (Stratus), and it has a VERY old IP stack on which my company has integrated the application and we are UNABLE to upgrade the IP stack.

The end-to-end application was working fine with routers, unknown to all of us the router was proxying for a subnet 6 hops away.

However when we installed the CSS's in Box-Box redundancy the end-to-end solution stopped work. Symptom Half-open TCP connection from the client perspective.

After installing a sniffer it was pinpointed to the Stratus arping for a MAC address for a subnet 6 hops away, on its local segment.

Hence my question can I enable the CSS to answer the arp giving its own MAC address of the active interface.

NOTE: I would only want to do this enable on the Stratus segment or an alternative solution?

I hope this will answer your question?

Cheers

It sounds like your Stratus box does not have the correct subnet and is using the classfull network mask. To check this out you can run an "ifconfig -a" and verify the mask.

I recall from working with pre-solaris versions that the Sun would forget its mask.

You are CORRECT and it does NOT support VSLM and we have multiple interfaces on the 10.0.0.0 address space which make it even more complex.

I can see the following solution without tinkering with the Stratus (Politics):-

A) enable Proxy on the CSS if possible?

B) NAT the source address, to the Startus side of the ethernet port on the CSS(no auth is done on the client source IP address left to the uppper layers). I am not sure if I can do this, I know I can NAT the source to the VIP address?

The Sun will support subnetting, if all the interfaces have the same mask or you can specify it in the /etc/networks file.

re A:

The general rule for proxy arp on routers is that the route has to be in the routing table for a different interface. Maybe this or hardcoding an arp entry will make it work.

B sounds like a plan C with NATing to the VIP.