I have doubts regarding portfast being linked to an ARP issue.
Do you have any kind of arp inspection set up on your 6500, and is the 6500 performing the routing? Can you view the arp table and verify that the arp table is not updating to reflect the new mac-address? Do the servers send out any gratuitous-arps as part of the failover process in order to make sure the network is aware of the change as quickly as possible?
Yes, as soon as it has a way to recognize the backup server as the new owner of that IP, it will change the ARP table to reflect that.
Most systems accomplish this through a gratuitous ARP. You may want to hook a packet sniffer up and view the traffic flowing across the network during the changeover period. If you do not see any sort of 'announcement' then it's most likely a server issue. If you see it on the wire, but it's being ignored, then it's a problem with the network.
Also, you will need to check the router local to the server, not the core, to see if that ARP table is updating. ARP is a local concept.
Check on the 6509 (sh arp) whether you see the MAC address of 10.10.10.1 changing during failover. The 6509 is probably not detecting the IP change and is still sending packets for 10.10.10.1 to the old server (old MAC address). Do a 'clear arp' on the 6509. Does this recover communication? During failover the sec server (!) must send gratuitous ARP packets to update the ARP values on the router. These ARP pkts are broadcast so should be bridged from the DR site to the main site.
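The capture check suggested in the replies above, as an added example that is not part of any post in this thread: it parses raw ARP frames, tracks which MAC claims 10.10.10.1, and reports whether the new owner sent a broadcast gratuitous ARP. The function names, the MAC addresses and the router address 10.10.10.254 are constructed for illustration, and untagged Ethernet II frames are assumed.

```python
import struct

BROADCAST = b"\xff" * 6

def ip4(s):
    return bytes(int(o) for o in s.split("."))

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Parse an untagged Ethernet II frame carrying IPv4 ARP; None for anything else."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"dst": dst, "op": op, "sha": sha, "spa": spa, "tpa": tpa}

def audit_failover(frames, vip):
    """Track which MAC claims `vip` and whether the latest owner announced itself."""
    vip_b, owners, announced = ip4(vip), [], set()
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None or arp["spa"] != vip_b:
            continue
        mac = fmt_mac(arp["sha"])
        if not owners or owners[-1] != mac:
            owners.append(mac)
        # Gratuitous ARP: sender IP equals target IP, sent to the broadcast address.
        if arp["tpa"] == vip_b and arp["dst"] == BROADCAST:
            announced.add(mac)
    new_owner = owners[-1] if len(owners) > 1 else None
    return {"owners": owners, "new_owner": new_owner,
            "announced": new_owner in announced}

def build_arp(dst, sha, op, spa, tpa):
    """Build a sample frame (constructed test data, not a real capture)."""
    return (dst + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + sha + ip4(spa) + bytes(6) + ip4(tpa))

# Constructed captures: MACs and 10.10.10.254 are made up for illustration.
PRIMARY, BACKUP, ROUTER = (bytes.fromhex(h) for h in
                           ("00005e005301", "00005e005302", "00005e0053fe"))
REPLY = build_arp(ROUTER, PRIMARY, 2, "10.10.10.1", "10.10.10.254")
ANNOUNCED_CAPTURE = [REPLY, build_arp(BROADCAST, BACKUP, 1, "10.10.10.1", "10.10.10.1")]
SILENT_CAPTURE = [REPLY, build_arp(ROUTER, BACKUP, 2, "10.10.10.1", "10.10.10.254")]
```

A result with `announced` false for the new owner matches the "no announcement on the wire" case described above; `announced` true while the router's ARP table still shows the old MAC points at the network side.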
First of all, I do not believe that portfast is causing any of this problem. In fact I suspect that things would be worse if portfast were not enabled since without portfast there would be a period while the interface initializes, listens, learns, before it can forward and that might complicate the fail over process.
Secondly I hope that you can clarify the topology. If the fail over server is at the DR site and if there is a router in addition to the 6500 it would be nice to know how things are connected and what (and how) is being bridged.
Bottom line of it is to ask whether the primary server and the fail over server are really in the same broadcast domain? If the primary server pings the fail over server, does the primary server have an entry for the MAC address of the fail over in the arp cache of the primary server?