Loss of inter VLAN connectivity :- DHCP, ARP, MLS

formans
Level 1

We have several user VLANs using DHCP with 2 IP helper addresses configured on the default gateway. The Server VLAN is off the same layer 3 and uses fixed addresses.

When a client sends a DHCP request, both DHCP servers respond with different IP addresses. The responses are delivered as unicasts back to the client. The client accepts one address and ignores the other.

Checking the layer 3 ARP cache shows that the client MAC address is recorded twice, against both the active IP address and the offer that was ignored.

Example

Internet 10.192.7.163 0 0030.0503.53ce ARPA Vlan207

Internet 10.192.7.23 119 0030.0503.53ce ARPA Vlan207

Is this expected behaviour?

Reason for asking is that we have an intermittent problem with inter VLAN connectivity which can be resolved by clearing ARP cache on layer 3. A user that has recently obtained an address is sometimes not able to reach the server VLAN. Traces taken of ICMP between workstation and server appear to show ICMP reply messages being delivered to the MAC address of the workstation, but with the IP address that the client was offered but ignored.

At the moment, I suspect that MLS may be contributing to the issue. Are there any good references to how MLS uses ARP cache information or known issues with this type of arrangement?

Any help gratefully received.

Thanks in advance,

Steve
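As an added example (not part of the original thread), the following Python code parses ARP table text in the column layout of the two entries quoted in the post and reports any MAC address that holds more than one IP address on the same interface. Apart from the two rows taken from the post, the sample table, the header row and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the column layout of the entries quoted in the post
# (Protocol, Address, Age in minutes, Hardware Addr, Type, Interface).
# Only the first two data rows come from the post; the rest are made up.
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.192.7.163            0   0030.0503.53ce  ARPA   Vlan207
Internet  10.192.7.23           119   0030.0503.53ce  ARPA   Vlan207
Internet  10.192.7.1              -   0000.0c00.0001  ARPA   Vlan207
Internet  10.192.7.40            12   0030.0503.aaaa  ARPA   Vlan207
Internet  10.192.8.40             3   0030.0503.aaaa  ARPA   Vlan208
"""

ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\d+|-)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(?P<intf>\S+)\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Yield (ip, age_minutes_or_None, mac, interface) for each ARP row."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line or incomplete entry
        age = None if m["age"] == "-" else int(m["age"])
        yield m["ip"], age, m["mac"].lower(), m["intf"]

def macs_with_multiple_ips(text):
    """Return {(mac, interface): [(ip, age), ...]} for every MAC that holds
    more than one IP on the same interface, youngest entry first."""
    table = defaultdict(list)
    for ip, age, mac, intf in parse_arp(text):
        table[(mac, intf)].append((ip, age))
    dupes = {}
    for key, entries in table.items():
        if len({ip for ip, _ in entries}) > 1:
            # Entries without an age ("-") sort ahead of aged entries.
            dupes[key] = sorted(entries, key=lambda e: (e[1] is not None, e[1] or 0))
    return dupes

if __name__ == "__main__":
    for (mac, intf), entries in macs_with_multiple_ips(SAMPLE_ARP).items():
        print(mac, intf, entries)
```

Running it over snapshots taken before and after clearing the ARP cache shows which stale entry disappears and how old it was when the fault occurred.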


tbaranski
Level 4

Sounds strange. Presumably when the server is pinged it's going to respond to the IP address that pinged it. So if return traffic is being sent to a different IP than the initial traffic was sourced by, that's highly irregular.

I'd recommend running & analyzing a trace on both the initial DHCP traffic as well as traffic from/to the workstation after the DHCP process is completed. I wouldn't worry much about the ARP cache issue for now, as the dual ARP entries could be caused by the workstation sending out gratuitous ARPs for both offered IP addresses before making a decision on which one it wants. This wouldn't be an unreasonable way of doing things, I suppose.

Thanks for the reply.

Because the problem is intermittent, we are having to wait a while between capturing examples on the test workstation. Each capture tends to raise more questions, so we haven't yet really got a definitive problem statement. Once we have, I'll try to post a more specific message.

Clearing the ARP cache at layer three is one way we have found of fixing the problem, so I'm trying to work out what is going wrong in the first instance and how clearing the cache resolves the issue.

glen.grant
VIP Alumni

This sounds similar to a problem that we were seeing; we ended up upgrading the MLS to 7.4.3 and the MSF to 12.1.19 E1 and we have not heard of any more problems in that area.

Thanks, I thought that we would need to upgrade at some point. I will need to put some justification together for any change to the production network and one of the questions will be 'What benefits will the upgrade give?'. Did you find a specific bug reference? I've trawled through as many as I can, but until we have defined the problem, it makes searching difficult and I haven't found one that matches the symptoms we've seen. I've not been able to reproduce the problem in controlled conditions, so having a vendor reference will help justify any roll-out.