vlan and arp cache

Hi, I have a problem very similar to the one described on "problem with vlan + arp" posted on this newsgroup on Sept , 2009 but I can't understand the answer so I kindly ask your help: let's consider the scenario described in that post: if the arp timeout in the router is lower than the mac address timeout in the mac forwarding table in the switch there should be no problem because the router will arp the dest_IP_addr and the switch will just refresh the mac forw table when the destination host will reply to the arp, right?? But (here is what I probably didn't undestand) in my opinion if the arp timeout in the router is higher than the mac addr timeout in the switch, the router will send a unicast frame (bacause he know the correct dest_mac_adress) and the switch will forward that frame on every port exept the source port of the frame (as far as I know the switches do this when they don-t know where a mac address is), if this is correct there should be no ping timeout neither is the first nor in the second scenario; so i can't imagine a scenario in wich this "timeout mismatch" could be a problem....but in my networdk I have the same problem and I solve it clearing the arp-cache on the router :-). Would someone please clarify me when the timeout mismatch can cause a problem? Thank you very much for reading. Gabriele

Reply to
Gabriele Guasco
Loading thread data ...

Welcome, time traveler! Since we are just finishing living June, 2009, could you be so kind to post the original problem? Otherwise we will have to wait until September before being able to answer your question.

Regards, Andrey.

Reply to
Andrey Tarasov

What is the problem occuring on? You losing pings, or complete traffic to a particular IP? Anything unique on the boxes being impacted, i.e. load balancing, multicast, etc? Short answer is, perhaps there is load balancing and one of your boxes is having a problem. and clearing arp is the only thing that is forcing the usage of the other box in the cluster (which would have a different mac). I agree with your overall assessment of how things should work, but I would not be convinced that you have something in the mix that is making it behave differently. Here is a good link from cisco in the meantime:

formatting link

Reply to
Trendkill

That's pretty funny, Andrey !

Reply to
John Agosta

This problem usually happens when you are running HSRP. You are running HSRP on Routers A and B for multiple VLANs. Router A is the default gateway for the client, so A will receive traffic from the client. Each time a packet is received from client, the CAM table is updated. If Router B is the default gateway for the server (or the next hop router to the VLAN the client is on), then B will always receive traffic for the replies to the client.. Now on router B, if the client's MAC address is not in the ARP table, B will ARP the client. When the client responds, both the ARP and the CAM table are updated. After the CAM table times out, the ARP entry is still there so B will know the MAC of the client, but the MAC will not exist in the CAM table. Router B will then flood the packet because at layer 2, this is an unknown MAC address.

The reason setting the ARP cache timeout and the CAM timeout to the same value fixes this problem is because when CAM table entry expires, so does the ARP entry. The router will then ARP the client and both tables get refreshed. The key to this problem is that both the ARP and CAM table timeout values are reset only when a packet is received from the client, not when one is sent to it.

It is a Cisco recommended practice to always set the ARP and CAM timeouts to the same value when running HSRP in order to prevent this problem. There is debate as to weather you should lower the ARP timeout or raise the CAM timeout. I always lower the ARP timeout to match the CAM timeout, which is

300 seconds.
Reply to
Thrill5

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.