vlan and arp cache
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||||||||
|
Posted by Gabriele Guasco on June 23, 2009, 9:18 pm
Please log in for more thread options
I have a problem very similar to the one described on "problem with vlan + arp" posted on this newsgroup on Sept , 2009 but I can't understand the answer so I kindly ask your help: let's consider the scenario described in that post: if the arp timeout in the router is lower than the mac address timeout in the mac forwarding table in the switch there should be no problem because the router will arp the dest_IP_addr and the switch will just refresh the mac forw table when the destination host will reply to the arp, right?? But (here is what I probably didn't undestand) in my opinion if the arp timeout in the router is higher than the mac addr timeout in the switch, the router will send a unicast frame (bacause he know the correct dest_mac_adress) and the switch will forward that frame on every port exept the source port of the frame (as far as I know the switches do this when they don-t know where a mac address is), if this is correct there should be no ping timeout neither is the first nor in the second scenario; so i can't imagine a scenario in wich this "timeout mismatch" could be a problem....but in my networdk I have the same problem and I solve it clearing the arp-cache on the router :-). Would someone please clarify me when the timeout mismatch can cause a problem? Thank you very much for reading. Gabriele | ||||||||||||||||||||||
|
Posted by Andrey Tarasov on June 23, 2009, 9:50 pm
Please log in for more thread options Welcome, time traveler! Since we are just finishing living June, 2009, could you be so kind to post the original problem? Otherwise we will have to wait until September before being able to answer your question. Regards, Andrey. | ||||||||||||||||||||||
|
Posted by John Agosta on June 24, 2009, 2:37 pm
Please log in for more thread options
> Gabriele Guasco wrote:
>> Hi,
>> I have a problem very similar to the one described on "problem with >> vlan + arp" posted on this newsgroup on Sept , 2009 but I can't >> understand the answer so I kindly ask your help: >> let's consider the scenario described in that post: if the arp timeout >> in the router is lower than the mac address timeout in the mac >> forwarding table in the switch there should be no problem because the >> router will arp the dest_IP_addr and the switch will just refresh the >> mac forw table when the destination host will reply to the arp, >> right?? >> But (here is what I probably didn't undestand) in my opinion if the >> arp timeout in the router is higher than the mac addr timeout in the >> switch, the router will send a unicast frame (bacause he know the >> correct dest_mac_adress) and the switch will forward that frame on >> every port exept the source port of the frame (as far as I know the >> switches do this when they don-t know where a mac address is), if this >> is correct there should be no ping timeout neither is the first nor in >> the second scenario; so i can't imagine a scenario in wich this >> "timeout mismatch" could be a problem....but in my networdk I have the >> same problem and I solve it clearing the arp-cache on the router :-). >> Would someone please clarify me when the timeout mismatch can cause a >> problem? Thank you very much for reading. >
> Welcome, time traveler! Since we are just finishing living June, 2009, > could you be so kind to post the original problem? Otherwise we will have > to wait until September before being able to answer your question. > > Regards, > Andrey. That's pretty funny, Andrey ! | ||||||||||||||||||||||
|
Posted by Trendkill on June 24, 2009, 6:05 am
Please log in for more thread options > Hi,
> I have a problem very similar to the one described on "problem with > vlan + arp" posted on this newsgroup on Sept , 2009 but I can't > understand the answer so I kindly ask your help: > let's consider the scenario described in that post: if the arp timeout > in the router =A0is lower than the mac address timeout in the mac > forwarding table in the switch there should be no problem because the > router will arp the dest_IP_addr and the switch will just refresh the > mac forw table when the destination host will reply to the arp, > right?? > But (here is what I probably didn't undestand) in my opinion if the > arp timeout in the router is higher than the mac addr timeout in the > switch, the router will send a unicast frame (bacause he know the > correct dest_mac_adress) and the switch will forward that frame on > every port exept the source port of the frame (as far as I know the > switches do this when they don-t know where a mac address is), if this > is correct there should be no ping timeout neither is the first nor in > the second scenario; so i can't imagine a scenario in wich this > "timeout mismatch" could be a problem....but in my networdk I have the > same problem and I solve it clearing the arp-cache on the router :-). > Would someone =A0please clarify me when the timeout mismatch can cause a > problem? Thank you very much for reading. > Gabriele What is the problem occuring on? You losing pings, or complete traffic to a particular IP? Anything unique on the boxes being impacted, i.e. load balancing, multicast, etc? Short answer is, perhaps there is load balancing and one of your boxes is having a problem. and clearing arp is the only thing that is forcing the usage of the other box in the cluster (which would have a different mac). I agree with your overall assessment of how things should work, but I would not be convinced that you have something in the mix that is making it behave differently. Here is a good link from cisco in the meantime: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note091= 86a00807347ab.shtml | ||||||||||||||||||||||
|
Posted by Thrill5 on June 24, 2009, 11:00 pm
Please log in for more thread options This problem usually happens when you are running HSRP. You are running
HSRP on Routers A and B for multiple VLANs. Router A is the default gateway for the client, so A will receive traffic from the client. Each time a packet is received from client, the CAM table is updated. If Router B is the default gateway for the server (or the next hop router to the VLAN the client is on), then B will always receive traffic for the replies to the client.. Now on router B, if the client's MAC address is not in the ARP table, B will ARP the client. When the client responds, both the ARP and the CAM table are updated. After the CAM table times out, the ARP entry is still there so B will know the MAC of the client, but the MAC will not exist in the CAM table. Router B will then flood the packet because at layer 2, this is an unknown MAC address. The reason setting the ARP cache timeout and the CAM timeout to the same value fixes this problem is because when CAM table entry expires, so does the ARP entry. The router will then ARP the client and both tables get refreshed. The key to this problem is that both the ARP and CAM table timeout values are reset only when a packet is received from the client, not when one is sent to it. It is a Cisco recommended practice to always set the ARP and CAM timeouts to the same value when running HSRP in order to prevent this problem. There is debate as to weather you should lower the ARP timeout or raise the CAM timeout. I always lower the ARP timeout to match the CAM timeout, which is 300 seconds. > Hi,
> I have a problem very similar to the one described on "problem with > vlan + arp" posted on this newsgroup on Sept , 2009 but I can't > understand the answer so I kindly ask your help: > let's consider the scenario described in that post: if the arp timeout > in the router is lower than the mac address timeout in the mac > forwarding table in the switch there should be no problem because the > router will arp the dest_IP_addr and the switch will just refresh the > mac forw table when the destination host will reply to the arp, > right?? > But (here is what I probably didn't undestand) in my opinion if the > arp timeout in the router is higher than the mac addr timeout in the > switch, the router will send a unicast frame (bacause he know the > correct dest_mac_adress) and the switch will forward that frame on > every port exept the source port of the frame (as far as I know the > switches do this when they don-t know where a mac address is), if this > is correct there should be no ping timeout neither is the first nor in > the second scenario; so i can't imagine a scenario in wich this > "timeout mismatch" could be a problem....but in my networdk I have the > same problem and I solve it clearing the arp-cache on the router :-). > Would someone please clarify me when the timeout mismatch can cause a > problem? Thank you very much for reading. > Gabriele | ||||||||||||||||||||||
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |
> I have a problem very similar to the one described on "problem with
> vlan + arp" posted on this newsgroup on Sept , 2009 but I can't
> understand the answer so I kindly ask your help:
> let's consider the scenario described in that post: if the arp timeout
> in the router is lower than the mac address timeout in the mac
> forwarding table in the switch there should be no problem because the
> router will arp the dest_IP_addr and the switch will just refresh the
> mac forw table when the destination host will reply to the arp,
> right??
> But (here is what I probably didn't undestand) in my opinion if the
> arp timeout in the router is higher than the mac addr timeout in the
> switch, the router will send a unicast frame (bacause he know the
> correct dest_mac_adress) and the switch will forward that frame on
> every port exept the source port of the frame (as far as I know the
> switches do this when they don-t know where a mac address is), if this
> is correct there should be no ping timeout neither is the first nor in
> the second scenario; so i can't imagine a scenario in wich this
> "timeout mismatch" could be a problem....but in my networdk I have the
> same problem and I solve it clearing the arp-cache on the router :-).
> Would someone please clarify me when the timeout mismatch can cause a
> problem? Thank you very much for reading.