
ARP question

Hi,

I have a content switch that is set up with ip critical service which pings the firewall interface to check for availability.

After we rebooted the 6509 switch, the content switch VIP did not work, and we later found that there was a firewall rule change one month ago to restrict ping.

Does anyone know why it worked for one month before we rebooted the switch?

Thanks,

Steve


Re: ARP question

I think if the CSS was configured with a protocol-only content rule (that is, "protocol tcp" but no "port") and the VIP range on the content rule was changed, a reboot was required for the configuration change to take effect, even after suspending and activating the content rule.

The problem is that there are many different content rules and a lot of them use the same servers (just on different ports) so a lot of the services will have the same IP addresses. So what I need to figure out is a way to create a generic group rule which will be able to do the NAT for those servers on all the different ports.

Re: ARP question

Once a conversation makes it into some tables on some devices all packets matching it will be allowed to pass. In those types of setups, access lists only check packets that do not yet belong to a conversation.

Conversations are assumed to time out eventually, but will not time out if there is always traffic to keep them alive, which sounds like what you had going. The reboot might have allowed the conversation to get flushed by preventing the packets that were keeping it alive from reaching the device maintaining the table.

That of course is a "meta guess" and whether you would be subject to this sort of behavior depends on the exact details of your network.

Related terms: FIB, CEF. "connection" in PIXland (a less than helpfully ambiguous word.)
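
The mechanism guessed at in the reply above, modelled as an added example that is not part of the original thread and not any vendor's code: a filter that consults its access list only for packets with no live table entry, and refreshes the entry on every match. The addresses, the 60-second idle timeout, the 5-second probe interval and the event times are all constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class StatefulFilter:
    idle_timeout: int                          # seconds a flow may stay silent (assumed)
    permit_icmp: bool = True                   # the ACL, consulted only for new flows
    flows: dict = field(default_factory=dict)  # flow key -> time last seen

    def handle(self, flow, now):
        """Return 'state', 'acl-permit' or 'acl-deny' for one packet."""
        last = self.flows.get(flow)
        if last is not None and now - last <= self.idle_timeout:
            self.flows[flow] = now             # matching traffic refreshes the entry
            return "state"
        self.flows.pop(flow, None)             # entry expired (or never existed)
        if self.permit_icmp:
            self.flows[flow] = now
            return "acl-permit"
        return "acl-deny"


def simulate(idle_timeout=60, interval=5, rule_change=100,
             outage=(200, 300), end=400):
    """Replay a periodic keepalive probe and return [(time, verdict), ...]."""
    fw = StatefulFilter(idle_timeout)
    flow = ("10.0.0.10", "10.0.0.1", "icmp")   # constructed CSS -> firewall flow
    log = []
    for now in range(0, end, interval):
        if now == rule_change:
            fw.permit_icmp = False             # ACL tightened; table is not flushed
        if outage[0] <= now < outage[1]:
            continue                           # switch rebooting: probes never arrive
        log.append((now, fw.handle(flow, now)))
    return log


if __name__ == "__main__":
    for now, verdict in simulate():
        print(now, verdict)
```

In this model the probe keeps passing after the rule change because it never leaves the table, and it is denied only once the outage exceeds the idle timeout; an outage shorter than the timeout changes nothing.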
