Mailing List Archive: ARP and VRRP-E on FastIron

ARP and VRRP-E on FastIron

Mar 3, 2016, 5:48 PM

Post #1 of 3 (1465 views)

We turned up a feature on an access shelf downstream of our Brocade ICX6650
stack that broke most end-user connectivity.

We're using VRRP-E, with x.y.z.2 and x.y.z.3 as physical IPs on routers A
and B, respectively, and x.y.z.1 as the virtual IP.

After our vendor did some troubleshooting they shared that while the devices
downstream of the access shelf were ARPing for the virtual IP of .1, ICX
6650 "B" was responding to the ARP with a source IP address of .3, and the
access shelf would (properly) discard it (it appears spoofed, of course).

We hope to get packet capture overnight, but while that's in process, does
anyone have insight into how it should and does work?

According to the documentation
(http://www.brocade.com/content/html/en/configuration-guide/fastiron-08030b-
l3guide/GUID-5E2D993A-C30C-4998-A98E-5B75731A2BA1.html), "When an ARP
request packet for the virtual router IP address is received by the Backup
router, it is forwarded to the Master router to resolve the ARP request.
Only the Master router answers the ARP request for the virtual router IP
address." That doesn't make it clear if the Master router (in our case, A),
uses it's physical or virtual IP.

Frank

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

Re: ARP and VRRP-E on FastIron [ In reply to ]

caevans at olp

Mar 3, 2016, 6:53 PM

Post #2 of 3 (1453 views)

Permalink

From the FastIron Ethernet Switch Layer 3 Routing Configuration Guide, 08.0.30:

"ARP behavior with VRRP-E

In the VRRP-E implementation, the source MAC address of the gratuitous Address Resolution
Protocol (ARP) request sent by the VRRP-E Master router is the VRRP-E virtual MAC address. When
the router (either the Master or Backup router) sends an ARP request or reply packet, the senderâ€™s
MAC address becomes the MAC address of the interface on the router."

--
Thank you,
Chris Evans

On Thu, Mar 03, 2016 at 07:48:13PM -0600, frnkblk@iname.com wrote:
>We turned up a feature on an access shelf downstream of our Brocade ICX6650
>stack that broke most end-user connectivity.
>
>We're using VRRP-E, with x.y.z.2 and x.y.z.3 as physical IPs on routers A
>and B, respectively, and x.y.z.1 as the virtual IP.
>
>After our vendor did some troubleshooting they shared that while the devices
>downstream of the access shelf were ARPing for the virtual IP of .1, ICX
>6650 "B" was responding to the ARP with a source IP address of .3, and the
>access shelf would (properly) discard it (it appears spoofed, of course).
>
>We hope to get packet capture overnight, but while that's in process, does
>anyone have insight into how it should and does work?
>
>According to the documentation
>(http://www.brocade.com/content/html/en/configuration-guide/fastiron-08030b-
>l3guide/GUID-5E2D993A-C30C-4998-A98E-5B75731A2BA1.html), "When an ARP
>request packet for the virtual router IP address is received by the Backup
>router, it is forwarded to the Master router to resolve the ARP request.
>Only the Master router answers the ARP request for the virtual router IP
>address." That doesn't make it clear if the Master router (in our case, A),
>uses it's physical or virtual IP.
>
>Frank
>
>
>
>
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp@puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

Re: ARP and VRRP-E on FastIron [ In reply to ]

frnkblk at iname

Mar 3, 2016, 7:13 PM

Post #3 of 3 (1454 views)

Permalink

Thanks. I read that, too, it just doesn't talk about what source IP address the router uses.

Frank

-----Original Message-----
From: Chris A. Evans [mailto:caevans@olp.net]
Sent: Thursday, March 03, 2016 8:54 PM
To: frnkblk@iname.com
Cc: foundry-nsp@puck.nether.net
Subject: Re: [f-nsp] ARP and VRRP-E on FastIron

From the FastIron Ethernet Switch Layer 3 Routing Configuration Guide, 08.0.30:

"ARP behavior with VRRP-E

In the VRRP-E implementation, the source MAC address of the gratuitous Address Resolution
Protocol (ARP) request sent by the VRRP-E Master router is the VRRP-E virtual MAC address. When
the router (either the Master or Backup router) sends an ARP request or reply packet, the senderâ€™s
MAC address becomes the MAC address of the interface on the router."

--
Thank you,
Chris Evans

On Thu, Mar 03, 2016 at 07:48:13PM -0600, frnkblk@iname.com wrote:
>We turned up a feature on an access shelf downstream of our Brocade ICX6650
>stack that broke most end-user connectivity.
>
>We're using VRRP-E, with x.y.z.2 and x.y.z.3 as physical IPs on routers A
>and B, respectively, and x.y.z.1 as the virtual IP.
>
>After our vendor did some troubleshooting they shared that while the devices
>downstream of the access shelf were ARPing for the virtual IP of .1, ICX
>6650 "B" was responding to the ARP with a source IP address of .3, and the
>access shelf would (properly) discard it (it appears spoofed, of course).
>
>We hope to get packet capture overnight, but while that's in process, does
>anyone have insight into how it should and does work?
>
>According to the documentation
>(http://www.brocade.com/content/html/en/configuration-guide/fastiron-08030b-
>l3guide/GUID-5E2D993A-C30C-4998-A98E-5B75731A2BA1.html), "When an ARP
>request packet for the virtual router IP address is received by the Backup
>router, it is forwarded to the Master router to resolve the ARP request.
>Only the Master router answers the ARP request for the virtual router IP
>address." That doesn't make it clear if the Master router (in our case, A),
>uses it's physical or virtual IP.
>
>Frank
>
>
>
>
>_______________________________________________
>foundry-nsp mailing list
>foundry-nsp@puck.nether.net
>http://puck.nether.net/mailman/listinfo/foundry-nsp

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp