
A5500---ARP requests if the response contains a multicast MAC address.

 
Howiedoit
Frequent Advisor


Hi all. 

I am implementing a Watchguard "FireCluster" in an Active/Active configuration. From the Watchguard docs, they say the following:

"All switches and routers in an active/active FireCluster broadcast domain must meet these requirements.

All switches and routers in the broadcast domain must not block ARP requests if the response contains a multicast MAC address.
This is the default behavior for most layer 2 switches.
For routers and layer 3 switches, the default behavior is to follow RFC 1812, which says that the router must not believe any ARP reply that claims that the Link Layer address of another host or router is a broadcast or multicast address. If possible, disable this behavior. If you are unable to block RFC 1812 support, you might need to configure static MAC and static ARP entries on your routing device."

On one side of this Watchguard is my Cisco switches (PLC network) and the other side is my HP switches (Corp Network).

HP side has: 20 or so more switches but the Core is:

4 x A5500-4SFP-HI (IRF) L3

Cisco side Core:

2 x 2960x L3

 Would someone like to elaborate on how this can be accomplished? Do I have to create entries on each and every switch in the broadcast domain manually, once I get pointed in the right direction and know what I need to do?

Any input or advice would be much appreciated.

Thank you

4 REPLIES
Howiedoit
Frequent Advisor

Re: A5500---ARP requests if the response contains a multicast MAC address.

Not a single response to this question??

Maybe this cannot be done then?

Do I need to buy a different switch, or maybe another make altogether??

The letter "C" comes to mind.

 

 

16again
Respected Contributor

Re: A5500---ARP requests if the response contains a multicast MAC address.

On L2 switches in the same broadcast domain as the cluster, no configuration is needed.
Only L3 switches with interface(s) in the same subnet (= L3 directly connected) require a static ARP entry added for each directly connected L3 interface.
All other L3 switches are 1 or more IP hops away from the cluster, and require no extra configuration.

Before passing traffic through the cluster and going live, bring up a single cluster interface pair, and check IP connectivity to it.

Apachez-
Trusted Contributor

Re: A5500---ARP requests if the response contains a multicast MAC address.

I'm pretty sure I have seen this in the manual previously...

Ahh there it was:

 

From HP manual

Enabling dynamic ARP entry check

The dynamic ARP entry check function controls whether the device supports dynamic ARP entries with multicast MAC addresses.

When dynamic ARP entry check is enabled, the device cannot learn dynamic ARP entries containing multicast MAC addresses.

When dynamic ARP entry check is disabled, the device can learn dynamic ARP entries containing multicast MAC addresses.

To enable dynamic ARP entry check:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable dynamic ARP entry check. | arp check enable | Optional. Enabled by default. |

 

From H3C manual

arp check enable
undo arp check enable

Use the arp check enable command to enable ARP entry check. With this function enabled, the device cannot learn any ARP entry with a multicast MAC address. Configuring such a static ARP entry is not allowed either; otherwise, the system displays error messages.

Use the undo arp check enable command to disable the function. After the ARP entry check is disabled, the device can learn the ARP entry with a multicast MAC address, and you can also configure such a static ARP entry on the device.

By default, ARP entry check is enabled.
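
The test that the manual excerpts above describe comes down to one bit of the sender hardware address in the ARP payload. The following is an added example, not code from the HP or H3C manuals or from any poster in this thread: a Python model of the learn/refuse decision with the check enabled and disabled. The MAC and IP values and the function names are constructed for illustration, and the decision logic is an assumption based only on the manual text quoted above.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # RFC 826 layout for Ethernet/IPv4, 28 bytes


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def is_group_mac(mac: bytes) -> bool:
    """Multicast and broadcast MACs have the I/G bit set (LSB of octet 0)."""
    return bool(mac[0] & 0x01)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build an ARP reply payload (opcode 2) for use as sample input."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(payload: bytes):
    """Return (opcode, sender MAC, sender IP) or raise on malformed input."""
    if len(payload) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return oper, sha, socket.inet_ntoa(spa)


def would_learn(payload: bytes, arp_check_enabled: bool) -> bool:
    """Model of the documented behaviour: with the check enabled, an entry
    whose sender MAC is a group address is not learned."""
    _oper, sha, _ip = parse_arp(payload)
    return not (arp_check_enabled and is_group_mac(sha))


# Constructed samples: a reply claiming a multicast MAC, and a unicast one.
CLUSTER_REPLY = build_arp_reply("01:00:5e:00:00:01", "192.0.2.1",
                                "00:11:22:33:44:55", "192.0.2.254")
HOST_REPLY = build_arp_reply("00:11:22:33:44:66", "192.0.2.10",
                             "00:11:22:33:44:55", "192.0.2.254")

if __name__ == "__main__":
    for name, pkt in (("cluster", CLUSTER_REPLY), ("host", HOST_REPLY)):
        for check in (True, False):
            print(name, "arp check", "on " if check else "off",
                  "-> learned" if would_learn(pkt, check) else "-> refused")
```
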

Axido
Occasional Visitor

Re: A5500---ARP requests if the response contains a multicast MAC address.

Hi,

Sorry to dig this up.

Insufficient; dynamic ARP check does not fix the active/active issues, as the router only records 1 interface for the MAC address.
So half the packets are lost because they only go to one of the 2 nodes.

I have the same issue on a M470 FireCluster with a HPE A7503 chassis.
Solution would be to add a "mac-adress multicast" but it keeps saying "invalid MAC address" when trying to use this command ... *shrug*

Sticking to Active/Passive for now.