topic Cisco ACE in bridged mode - ARP and Probes in Application Networking https://community.cisco.com/t5/application-networking/cisco-ace-in-bridged-mode-arp-and-probes/m-p/2739850#M42899 <P>Hi,</P><P>&nbsp;</P><P>We have ACE 30 module context in bridged mode.</P><P>Everything works fine, but the probes to the real server on the Standby are in a Failed state. After troubleshooting for a while, I have found, that this is somehow related to L2 and ARP responses.</P><P>- Routing on the client side is pointing to 10.126.120.1 (this is a HSRP IP where 10.126.120.2 and .3 are real IP addresses) - this is vlan 2750</P><P>- Routing on server side is pointing to 10.126.120.4 (this is a HSRP IP where 10.126.120.5 and .6 are real IP addresses) - this is vlan 2751</P><P>- On Active ACE module, I can ping all of the addresses, i.e. 10.126.120.1-6</P><P>- On Standby ACE module, I can ping only client side IP addresses, i.e. 10.126.120.1-3.</P><P>- On Standby ACE, I cannot ping server-side router interfaces, i.e. 10.126.120.4-6 and there is no entry in the ARP table for these IPs.</P><P>- Routers are able to ping Active ACE BVI interface IP address 10.126.120.10</P><P>- Routers are unable to ping Standby ACE BVI interface IP address 10.126.120.11</P><P>- Routers don't receive ARP for Standby ACE BVI IP address.</P><P>- When i manually trigger the ACE module failover, probes start working just fine on both ACE modules until ARP times out.</P><P>&nbsp;</P><P>Is this an expected behaviour?</P><P>Do you have an explanation about this behaviour?</P><P>From loadbalancing perspective, everything is working fine.</P><P>From the Probe perspective, I expect, that the probe on Standby ACE unit is using Standby BVI IP address 10.126.120.11, it is unable to get ARP for the corresponding server route and hence fails the probe.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Here comes the relevant config and state from the Standby ACE module:</P><P><SPAN style="font-family:courier new,courier,monospace;">0cc1-ace12/dclb# show arp</SPAN></P><P><BR /><SPAN style="font-family:courier new,courier,monospace;">Context dclb<BR />================================================================================<BR />IP ADDRESS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; MAC-ADDRESS&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Interface&nbsp; Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Encap&nbsp; NextArp(s) Status<BR />================================================================================<BR />10.126.120.1&nbsp;&nbsp;&nbsp; 00.00.0c.07.ac.01&nbsp; vlan2750&nbsp; GATEWAY&nbsp;&nbsp;&nbsp; 39&nbsp;&nbsp;&nbsp;&nbsp; 182 sec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; up<BR />10.126.120.2&nbsp;&nbsp;&nbsp; e0.2f.6d.2c.23.c0&nbsp; vlan2750&nbsp; LEARNED&nbsp;&nbsp;&nbsp; 37&nbsp;&nbsp;&nbsp;&nbsp; 5961 sec&nbsp;&nbsp;&nbsp;&nbsp; up<BR />10.126.120.3&nbsp;&nbsp;&nbsp; e0.2f.6d.2c.23.80&nbsp; vlan2750&nbsp; LEARNED&nbsp;&nbsp;&nbsp; 35&nbsp;&nbsp;&nbsp;&nbsp; 5957 sec&nbsp;&nbsp;&nbsp;&nbsp; up<BR />10.126.120.10&nbsp;&nbsp; e0.5f.b9.ab.8c.35&nbsp; vlan2750&nbsp; LEARNED&nbsp;&nbsp;&nbsp; 40&nbsp;&nbsp;&nbsp;&nbsp; 5955 sec&nbsp;&nbsp;&nbsp;&nbsp; up<BR />10.126.120.4&nbsp;&nbsp;&nbsp; 00.00.00.00.00.00&nbsp; bvi1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; GATEWAY&nbsp;&nbsp;&nbsp; -&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * 3 req&nbsp;&nbsp;&nbsp;&nbsp; dn<BR />10.126.120.11&nbsp;&nbsp; e0.5f.b9.ab.8c.11&nbsp; bvi1&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; INTERFACE&nbsp; LOCAL&nbsp;&nbsp;&nbsp;&nbsp; _&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; up<BR />================================================================================<BR />Total arp entries 6<BR />0cc1-ace12/dclb#<BR />0cc1-ace12/dclb#<BR />0cc1-ace12/dclb# show run interface<BR />Generating configuration....</SPAN></P><P><SPAN style="font-family:courier new,courier,monospace;">interface vlan 2750<BR />&nbsp; description &gt;MSFC:dc<BR />&nbsp; bridge-group 1<BR />&nbsp; fragment min-mtu 28<BR />&nbsp; access-group input BPDU<BR />&nbsp; access-group input ACL<BR />&nbsp; no shutdown<BR />&nbsp; ip route inject vlan 2750<BR />interface vlan 2751<BR />&nbsp; description &gt;MSFC:dclb<BR />&nbsp; bridge-group 1<BR />&nbsp; fragment min-mtu 28<BR />&nbsp; access-group input BPDU<BR />&nbsp; access-group input ACL<BR />&nbsp; no shutdown</SPAN></P><P><SPAN style="font-family:courier new,courier,monospace;">interface bvi 1<BR />&nbsp; ip address 10.126.120.11 255.255.255.224<BR />&nbsp; peer ip address 10.126.120.10 255.255.255.224</SPAN></P><P>&nbsp;</P><P>Relevant router ARP table:</P><P><SPAN style="font-family:courier new,courier,monospace;">0cc1-s11#show ip arp vrf dclb 10.126.120.11<BR />Protocol&nbsp; Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Age (min)&nbsp; Hardware Addr&nbsp;&nbsp; Type&nbsp;&nbsp; Interface<BR />Internet&nbsp; 10.126.120.11&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0&nbsp;&nbsp; Incomplete&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ARPA&nbsp; &nbsp;<BR />0cc1-s11#show ip arp vrf dclb 10.126.120.10<BR />Protocol&nbsp; Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Age (min)&nbsp; Hardware Addr&nbsp;&nbsp; Type&nbsp;&nbsp; Interface<BR />Internet&nbsp; 10.126.120.10&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1&nbsp;&nbsp; e05f.b9ab.8c35&nbsp; ARPA&nbsp;&nbsp; Vlan2751</SPAN></P><P>&nbsp;</P><P>Regards,</P><P>Alexander</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 09 Sep 2015 14:25:33 GMT Alexander Pickar 2015-09-09T14:25:33Z Cisco ACE in bridged mode - ARP and Probes https://community.cisco.com/t5/application-networking/cisco-ace-in-bridged-mode-arp-and-probes/m-p/2739850#M42899 Probes on ACE30 Standby module are in a failed state due to problems in ARP resolution. Wed, 09 Sep 2015 14:25:33 GMT https://community.cisco.com/t5/application-networking/cisco-ace-in-bridged-mode-arp-and-probes/m-p/2739850#M42899 Alexander Pickar 2015-09-09T14:25:33Z Please attach a diagram https://community.cisco.com/t5/application-networking/cisco-ace-in-bridged-mode-arp-and-probes/m-p/2739851#M42900 <P>Please attach a diagram because&nbsp;you might have some unnecessary elements or&nbsp;I don't understand all the details well.</P><P>&nbsp;</P><P>A bridged HA-pair should interconnect two VLANs via two parallel paths.&nbsp;A single broadcast domain and a single subnet&nbsp;(10.126.120.0)&nbsp;is formed. All hosts in this broadcast domain (both servers and clients) should have&nbsp;the same&nbsp;default gateway (either 10.126.120.1 or 10.126.120.4). Layer2 traffic within the broadcast domain should use the active links in the spanning tree.&nbsp;Loop guard function should be disabled on the switchports (internal subinterfaces) towards the ACE. The two spanning tree instances (2750,2751) are combined into a merged spanning tree so the priorities should be tuned to fix which one&nbsp;(which side)&nbsp;is the root.</P><P>&nbsp;</P><P>Please check the spanning tree port states on the links connecting towards the ACE.</P> Sat, 19 Sep 2015 17:02:07 GMT https://community.cisco.com/t5/application-networking/cisco-ace-in-bridged-mode-arp-and-probes/m-p/2739851#M42900 Peter Koltl 2015-09-19T17:02:07Z