08-15-2006 05:34 AM - edited 03-03-2019 01:39 PM
There is a server running i-Bahn on Fedora Version 4. It has a primary IP and multiple virtual IPs configured.
Some virtual IPs are associated with server's MAC address and they are working.
But some IPs are associated with router's fa0/1 MAC address and they are not working also their aiging time is not showing in ARP table.
We have cleared ARP table several times and finally we have disabled "IP ARP Proxy" on that interface and rebooted the router. Problem is still same.
The virtual interfaces are created on the server by i-Bahn application.
What can be the problem.
08-15-2006 06:06 AM
ARP entries usually don't age when they belong to the system where you look at the arp cache.
Could you please elaborate what exactly doesn't work (what you're trying to achieve, what you expect to see and what you actually observe)?
08-15-2006 08:43 PM
Dear Ilya,
Observation:
A new Automatic Teller Machine (ATM) switch (IBAHN) is introduced to the Head office LAN where all braches are connected. The new ATM switch consists of 56 virtual interfaces and each virtual interface represents an ATM to AS 400 system by ATM switch. We have experienced that the number of ATM increases, the corresponding MAC address of the ATM switch for its interfaces including primary interface is assigned with router MAC address ( 172.17.1.2 pls refer attached diaram) gradually resulting all packets destined to ATM switch terminated at the router interface.
Also we have tried with deleting arp cache but it still assigned the router fast Ethernet MAC address for ATM switch. Therefore ATM switch did not get the AS 400 response and ATM switch keep on sending the SYN packets. We have monitored the arp broadcast and it only ask from several interfaces the rest of the MAC address is already determine incorrectly by the router ( Assigned router MAC address again)
Can it be a router Issue?
08-15-2006 09:41 PM
Hi,
From what you have mentioned so far, I have the following queries, could you pleaae them to have more idea on what's going on.
1) You have mentioned that the new ATM switch consists of 56 virtual interfaces.
If so, do you have separate ip addressses assigned for each of these virtual interfaces. ?
2)If so, I assume all these virtual interface will have the same MAC( mac address of the ATM Switch's ethernet interface).
3) If not, update us on what logic the ATM switch follows to assign the mac address for the virtual interfaces. Im not sure on how this is handled in the ATM Switch.
4) Do you observe the wrong ARP entries ( for the virtual interface of the ATM Switch) in the Cisco 3600 router or even on another machine on the same LAN. Can you confirm this.
5) Could you provide us the configuration of the Cisco 3600 Router?
-VJ
08-16-2006 03:57 AM
Dear Vijayasankar,
1. They are Virtual IP interfaces created by IBahn Server application and should have same MAC address of ATM Switch's fastethernet interface.
2. Some virtual interfaces have bind to router's MAC address. 172.17.1.10 - 172.17.1.32. Others are normal and working.
With limited number of IPs and ATMs it is working (below 30). When we adding more than 30 IPs and ATMs it is misbehaving.
4.
5.YES but now we have changed the server to 2801 router.
We have aDR server for IBahn on the same segment.
This is the output of the arp -a command and all MAC address are
correct. The MAC for 172.17.1.2 is router interface IP address.
[root@shoibndr ~]# arp -a
? (172.17.1.56) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.50) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.53) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.40) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.34) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.51) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.47) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.46) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.49) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.14) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.10) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.31) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.52) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.55) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.11) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.54) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.13) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.48) at 00:13:D4:83:D6:3B [ether] on eth0
? (172.17.1.2) at 00:14:1C:61:E0:97 [ether] on eth0
? (172.17.1.23) at 00:13:D4:83:D6:3B [ether] on eth0
[root@shoibndr ~]#
Regards
Kapila
08-16-2006 06:03 AM
From this arp on snoibndr output it follows that it's actually not the router, but host 00:13:D4:83:D6:3B. MAC range starting from 00:13:D4 is not Cisco range, but ASUSTEK. Since you say all this addresses belong to your "iBAHN" system, there's no problem here.
The problem is actually different: you use 'ip unnumbered FastEthernet 0/0' on your serial interfaces. As soon as you have serial link up, your router now has two interfaces belonging to the same 192.168.12.204/28 subnet. This is not valid configuration. You need to either use different subnets or enable bridging. Each has advantages and disadvatnages, but generally routing using different subnets would be easier to support.
08-16-2006 03:23 AM
If router claims IP addresses that belong to other systems (that is router responds with its own MAC address to ARP requests about IP of other systems), then it's proxy-arp at work. Proxy-arp may be good or bad thing depending on your topology, addressing scheme, routing, NAT, firewall rules.
Could you please ammend your diagram with IP addresses and mask of each involved system and interface? Also, could you please post 'sh arp' from the router and 'sh run int
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: