Switches, Hubs, and Modems
ARP lookup?

Anders_35
Regular Advisor

ARP lookup?

Here's one for those well versed in the IP stack...
It's not a switch/hub/modem issue, but I'm guessing that of all forums, this is where the experts are.

We have a server A, with two NICs (1 and 2)
The server runs HP teaming, in transmit load balancing mode, and expects to see all incoming traffic to NIC1, which has the team's MAC-address. It load balances outbound traffic on both NICs.

If you do an arp lookup for SERVER A, you will get NIC1 MAC in return.
So even if traffic goes out of NIC2, replies should always come back to NIC1.

We send traffic from SERVER A, NIC2 to a mail server on the other side of a firewall.

The firewall responds directly to NIC2, not NIC1. If I go to the firewall and ping SERVER A, it's NIC1 that is inserted into the ARP-table.

So, is the firewall displaying correct behaviour, or should it, as I expect, return my traffic to NIC1?

4 REPLIES
Mohieddin Kharnoub
Honored Contributor

Re: ARP lookup?

Hi

Traffic in a trunk is usually distributed across the individual trunked links, but the load is not necessarily balanced equally across all the links.
Moreover, a trunk link uses source-destination address pairs (SA/DA) for distributing outbound traffic over the trunked links.

Now, for the ARP lookup for Server A, I believe you are doing this from the same VLAN where the server is located.

Usually a firewall does NAT from inside to outside, and does routing from outside to inside, so if your mail server is located in the Outside zone and Server A in the Inside zone, then we have NAT here, and routing is also necessary here.

What you can do for testing: most firewalls allow you to ping using a specific port on the firewall, so you can ping Server A from the Outside port (the port that connects to the outside zone - DMZ or Untrust).

If you can explain a little about the VLANs you have and how you connect the firewall, Server A and the mail server, I think you will get a good explanation here :)

Good Luck !!!
Science for Everyone
Anders_35
Regular Advisor

Re: ARP lookup?

Thanks Mohieddin.
The network in question has all client ports untagged in the default VLAN (VLAN1).

The server is a BL20 blade, with one NIC connected to each GbE2 interconnect switch. (see diagram)
One GbE2 is connected to a meshed 3448, and at the other "end" of the mesh is a 3424 connected to the firewall.

There is no trunk here, the two-NIC load balancing is done with HP teaming Transmit Load Balancing, which sends on multiple NICs, but only receives on one NIC.

All outgoing traffic uses each individual NIC's MAC address, but since only the primary NIC will answer ARP requests, only the primary NIC's MAC address should be seen in incoming traffic.

This works for through routers here, but not this particular firewall.
Anders_35
Regular Advisor

Re: ARP lookup?

Last sentence supposed to read:

This works through other routers here.....

:-)
rick jones
Honored Contributor

Re: ARP lookup?

If the server is running Linux you may want to make sure the "arp_ignore" parameter is set via sysctl (sysctl -a | grep ignore should find the specific wording).

Perhaps the firewall is "learning" MAC addresses via means other than ARP - perhaps like a switch does, by looking at the Ethernet headers. Might be some attempt to avoid ARP poisoning or something.
there is no rest for the wicked yet the virtuous have no pillows
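The behaviour Anders describes in the question (only the team MAC answers ARP, while frames leaving NIC2 carry NIC2's own MAC) and rick jones's hypothesis that the firewall learns MACs from Ethernet headers rather than from ARP, as an added Python model. This is not code from the thread or from HP's teaming software; the addresses, the `Firewall` class with its two learning policies, and the sample `sysctl -a` output are all constructed for the example. The `arp_ignore` keys themselves are the real Linux `net.ipv4.conf.*.arp_ignore` sysctls that rick mentions.

```python
"""Model of a TLB team talking to a firewall whose neighbour cache is filled
either from ARP replies only or from the source MAC of every received frame.
Added example; all addresses below are constructed, not from the thread."""
from dataclasses import dataclass, field

# Constructed sample addresses (hypothetical).
SERVER_IP = "10.0.0.10"
FIREWALL_IP = "10.0.0.1"
FIREWALL_MAC = "00:aa:bb:cc:dd:01"
NIC1_MAC = "00:11:22:33:44:01"  # team MAC; the only NIC that answers ARP
NIC2_MAC = "00:11:22:33:44:02"  # transmits with its own MAC, never answers ARP


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    kind: str  # "arp_reply" or "ip"


@dataclass
class Firewall:
    """Neighbour cache with a switchable learning policy (constructed model)."""
    learn_from_data_frames: bool
    neighbours: dict = field(default_factory=dict)

    def receive(self, frame: Frame) -> None:
        if frame.kind == "arp_reply":
            # Standard ARP: the reply carries the sender's hardware address.
            self.neighbours[frame.src_ip] = frame.src_mac
        elif frame.kind == "ip" and self.learn_from_data_frames:
            # Switch-like learning from the Ethernet header of any frame:
            # the IP-to-MAC binding follows whichever NIC sent last.
            self.neighbours[frame.src_ip] = frame.src_mac

    def reply_dst_mac(self, ip: str) -> str:
        """MAC the firewall would put on a reply to `ip`."""
        return self.neighbours[ip]


def tlb_team_send(dst_mac: str, dst_ip: str, outgoing_nic_mac: str) -> Frame:
    """TLB team: an outbound frame uses the MAC of the NIC it leaves on."""
    return Frame(outgoing_nic_mac, dst_mac, SERVER_IP, dst_ip, "ip")


def tlb_team_arp_reply(dst_mac: str, dst_ip: str) -> Frame:
    """Only the primary NIC (team MAC) answers ARP requests."""
    return Frame(NIC1_MAC, dst_mac, SERVER_IP, dst_ip, "arp_reply")


def run_scenario(learn_from_data_frames: bool) -> str:
    """Firewall pings Server A (ARP exchange), then Server A sends mail
    traffic out of NIC2. Returns the MAC the firewall replies to."""
    fw = Firewall(learn_from_data_frames)
    fw.receive(tlb_team_arp_reply(FIREWALL_MAC, FIREWALL_IP))
    fw.receive(tlb_team_send(FIREWALL_MAC, FIREWALL_IP, NIC2_MAC))
    return fw.reply_dst_mac(SERVER_IP)


# Constructed 'sysctl -a' style output for checking rick jones's suggestion.
# arp_ignore 0 = answer ARP for any local address on any interface;
# 1 = answer only if the target IP is configured on the receiving interface.
SYSCTL_OUTPUT = """\
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.eth0.arp_ignore = 1
net.ipv4.conf.eth1.arp_ignore = 0
"""


def arp_ignore_settings(sysctl_text: str) -> dict:
    """Map interface name -> arp_ignore value from sysctl -a style lines."""
    result = {}
    for line in sysctl_text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.endswith(".arp_ignore"):
            iface = key.split(".")[3]  # net.ipv4.conf.<iface>.arp_ignore
            result[iface] = int(value.strip())
    return result


if __name__ == "__main__":
    print("ARP-only learning, firewall replies to:", run_scenario(False))
    print("Frame-based learning, firewall replies to:", run_scenario(True))
    print("arp_ignore per interface:", arp_ignore_settings(SYSCTL_OUTPUT))
```

With ARP-only learning the firewall keeps NIC1 (the team MAC) in its cache even after seeing traffic from NIC2, which is what Anders sees from his routers; with frame-based learning the cache flips to NIC2 as soon as a frame leaves that NIC, which matches the symptom he reports for the firewall.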