ASA 5525 and ARP Collisions for Broadcom BCM5709S Teamed NICs

I am running an ASA 5525 which complains a lot about ARP collisions from all servers with teamed NICs. The ASA version is Firmware 9.1(7).

----------------------------

405001 Received ARP request collision from 10.138.XX.XX/0010.18fb.XXXX on interface DRDMZ-External-Env-VLAN_2 with existing ARP entry 10.138..XX.XX/5cf3.fc24.XXXX

733100 [ Scanning] drop rate-1 exceeded. Current burst rate is 28 per second, max configured rate is 10; Current average rate is 49 per second, max configured rate is 5; Cumulative total count is 29851

----------------------------

After some Googling, this problem seems to be related to the NIC teaming configuration using load balancing mode. We are using IBM Blade HS23 and HX5 with 2 Broadcom BCM5709S NetXtreme II GigE NICs.

My questions are:

1) Is the ASA dropping all the traffic to the NIC that advertises itself with the ARP message that generates these warnings?

2) Is the Smart Load Balancing configuration actually useless, since all the traffic used by one of the NICs is blocked by the ASA?

Cheers,

Francesco

Accepted Solutions

Hi,

Since you are using a NIC team for the same IP address, the firewall has received an ARP packet, and because the MAC address in the packet differs from the ARP cache entry, it would drop the ARP packet and generate this message.

I would suggest that you use a virtual MAC on the NIC so that the ASA is able to process the ARP entries.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

4 Replies

Additionally, I am not sure if the event 405001 is related to the 733100 [ Scanning] drop rate-1 exceeded warning.

Hi Aditya,

The "SMART Load Balancing and Failover" teaming uses a dedicated MAC address for each teaming member. We need to connect the server to different switches for redundancy. It is not possible to set up a virtual MAC.

The Broadcom driver selects the MAC address of one NIC or the other during the load balancing.

By the way, is the ASA dropping only the ARP packets, or also other packets that contain an IP/MAC that is not in the ASA ARP cache?

Thanks for answering my first questions.

Francesco

Hi,

ASA is only dropping the ARP packets and that's why you see these logs.

You can even confirm by using ARP captures on the ASA's interface:

capture arp ethernet-type arp interface <> 

Regards,

Aditya

Please rate helpful posts and mark correct answers.
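
To tell teaming noise from a genuine address conflict, the 405001 events discussed in this thread can be grouped per IP and checked against the MACs each server is expected to use. This is an added example, not part of the original thread or any Cisco tooling; the `%ASA-4-` prefix, the sample log lines and the `INVENTORY` mapping are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of syslog 405001 as quoted in the thread (request or response form).
PATTERN = re.compile(
    r"405001:? Received ARP (?:request|response) collision from "
    r"(?P<ip>[\d.]+)/(?P<new_mac>[0-9a-f.]+) on interface (?P<ifname>\S+) "
    r"with existing ARP entry [\d.]+/(?P<old_mac>[0-9a-f.]+)",
    re.IGNORECASE,
)

def summarize_collisions(lines):
    """Group 405001 events by (interface, IP) and collect every MAC involved."""
    seen = defaultdict(lambda: {"macs": set(), "count": 0})
    for line in lines:
        m = PATTERN.search(line)
        if not m:
            continue  # other message IDs (e.g. 733100) are ignored
        entry = seen[(m["ifname"], m["ip"])]
        entry["macs"].update({m["new_mac"].lower(), m["old_mac"].lower()})
        entry["count"] += 1
    return dict(seen)

def triage(summary, inventory):
    """Flag IPs whose collisions involve a MAC missing from the inventory."""
    result = {}
    for (ifname, ip), entry in summary.items():
        unknown = sorted(entry["macs"] - inventory.get(ip, set()))
        result[(ifname, ip)] = ("unexpected-mac", unknown) if unknown else ("known-team", [])
    return result

# Constructed sample input: one teamed server and one IP with an unknown MAC.
SAMPLE = [
    "%ASA-4-405001: Received ARP request collision from 10.138.0.21/0010.18fb.0a01 on interface DMZ with existing ARP entry 10.138.0.21/5cf3.fc24.0b02",
    "%ASA-4-405001: Received ARP request collision from 10.138.0.21/5cf3.fc24.0b02 on interface DMZ with existing ARP entry 10.138.0.21/0010.18fb.0a01",
    "%ASA-4-405001: Received ARP request collision from 10.138.0.30/0200.5e00.5301 on interface DMZ with existing ARP entry 10.138.0.30/5cf3.fc24.0c03",
    "%ASA-4-733100: [ Scanning] drop rate-1 exceeded.",
]
# Hypothetical inventory: the NIC MACs each server IP is expected to present.
INVENTORY = {
    "10.138.0.21": {"0010.18fb.0a01", "5cf3.fc24.0b02"},
    "10.138.0.30": {"5cf3.fc24.0c03"},
}

if __name__ == "__main__":
    for key, verdict in triage(summarize_collisions(SAMPLE), INVENTORY).items():
        print(key, verdict)
```

An IP reported as `known-team` is only alternating between its own team members; `unexpected-mac` means some other device answered for that address and is worth tracing on the switch.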