
ARP not getting Updated automatically

gauravpundir231
Level 1

Hi All,

We are facing an issue with ARP.
ARP is not getting updated on one of the internet routers.
Scenario:
We have 2 firewalls in a cluster connected to 2 Internet routers. When doing a FW failover, ARP is not getting updated on the primary internet router; however, there are no issues with the secondary router.
Topology: Firewall connected to L2 switch (3750), and from the switch the internet routers are connected.

Please advise/suggest what can be checked in this case.


sgt2111usmc
Level 1

Wouldn't traffic change direction when doing failover?  Therefore routing tables/arp entries would only populate on the active router and not the standby router?

 

Thanks,

 

Matt

Our active router is the primary one, on which ARP is not getting updated. And when ARP is not getting updated, the BGP neighborship is going down and traffic is diverting to the secondary.

Hello,

 

Which routers do you have, and which IOS?

Cisco 3945. Not sure of the IOS; both have the same IOS.

Hello,

 

Without having seen your configs, check if you might be hitting the bug below:

 

Box to Box NAT / GARP not sent by the Primary Router after taking the Active role
CSCvf21090
Description
Symptom:
The NAT failover works fine and the Secondary NAT box takes up the active role when the Primary NAT box crashes/reloads; however, the failback does not work as expected.
When the Active router comes back up, it performs BULK_SYNC and moves to the Active role; however, it does not generate any GARP to update the MAC address on the connected device. Thus, even though the Primary router is Active, the ARP for the NATted IP still points to the Standby Router's MAC address on the host devices.

Conditions:
Box to Box NAT redundancy configuration.

This issue is not seen on the older 15.4(3)M1 version; however, it is seen on almost all versions after this release.

Workaround:
The issue is not seen on the 15.4(3)M1 release.

Further Problem Description:
Primary Router:
==============
redundancy
 application redundancy
  group 1
   name CAS-NAT
   preempt
   priority 100 failover threshold 50
   timers delay 0 reload 60
   control GigabitEthernet0/0 protocol 1
   data GigabitEthernet0/0
   asymmetric-routing interface GigabitEthernet0/0
   asymmetric-routing always-divert enable


ip nat inside source static 192.168.96.125 170.8.244.2 redundancy 1 mapping-id 102
ip nat inside source static 192.168.96.65 170.8.244.3 redundancy 1 mapping-id 103

show ip arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 170.8.244.1 - 0007.b421.0064 ARPA GigabitEthernet0/3
Internet 170.8.244.2 - c471.feca.2e83 ARPA GigabitEthernet0/3
Internet 170.8.244.3 - c471.feca.2e83 ARPA GigabitEthernet0/3


Secondary Router:
===============
redundancy
 application redundancy
  group 1
   name CAS-NAT
   preempt
   priority 90
   timers delay 0 reload 60
   control GigabitEthernet0/0 protocol 1
   data GigabitEthernet0/0
   asymmetric-routing interface GigabitEthernet0/0
   asymmetric-routing always-divert enable


ip nat inside source static 192.168.96.125 170.8.244.2 redundancy 1 mapping-id 102
ip nat inside source static 192.168.96.65 170.8.244.3 redundancy 1 mapping-id 103


show ip arp
Protocol Address Age (min) Hardware Addr Type Interface

Internet 170.8.244.2 - 8843.e118.6708 ARPA GigabitEthernet0/0/0
Internet 170.8.244.3 - 8843.e118.6708 ARPA GigabitEthernet0/0/0

 

Host device:
===========

DEMO-FIREWALL#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 170.8.244.1 0 0007.b421.0064 ARPA Vlan50
Internet 170.8.244.2 4 c471.feca.2e83 ARPA Vlan50
Internet 170.8.244.3 4 c471.feca.2e83 ARPA Vlan50

The above ARP entries point to the Primary Router.


After the Primary router is down, it points to the Standby because of the GARP received from Standby Router:

*Apr 24 00:11:43.447: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/47, changed state to down
*Apr 24 00:11:44.450: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/47, changed state to down
*Apr 24 00:11:45.184: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:11:45.184: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50


show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 170.8.244.2 0 8843.e118.6708 ARPA Vlan50
Internet 170.8.244.3 0 8843.e118.6708 ARPA Vlan50


After the Primary Router came up as active, the ARP on the Host device is still pointing to the Standby:


DEMO-FIREWALL#
*Apr 24 00:13:54.802: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/47, changed state to down
*Apr 24 00:13:55.804: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/47, changed state to down
*Apr 24 00:13:56.186: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:13:56.187: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:13:58.187: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:13:58.187: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:13:58.332: %LINK-3-UPDOWN: Interface GigabitEthernet3/0/47, changed state to up
*Apr 24 00:13:59.333: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/47, changed state to up
*Apr 24 00:14:25.185: IP ARP: rcvd rep src 170.8.244.251 c471.feca.2e83, dst 170.8.244.251 Vlan50
*Apr 24 00:14:25.193: IP ARP: rcvd rep src 170.8.244.251 c471.feca.2e83, dst 170.8.244.251 Vlan50
*Apr 24 00:14:25.575: IP ARP: rcvd rep src 170.8.244.251 c471.feca.2e83, dst 170.8.244.251 Vlan50
*Apr 24 00:14:34.677: IP ARP: rcvd rep src 170.8.244.251 c471.feca.2e83, dst 170.8.244.251 Vlan50
*Apr 24 00:14:34.945: IP ARP: rcvd rep src 170.8.244.2 c471.feca.2e83, dst 170.8.244.2 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.3 c471.feca.2e83, dst 170.8.244.3 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:14:34.947: IP ARP: rcvd rep src 170.8.244.251 c471.feca.2e83, dst 170.8.244.251 Vlan50
*Apr 24 00:14:58.148: IP ARP: rcvd rep src 170.8.244.2 c471.feca.2e83, dst 170.8.244.2 Vlan50
*Apr 24 00:14:58.148: IP ARP: rcvd rep src 170.8.244.3 c471.feca.2e83, dst 170.8.244.3 Vlan50
*Apr 24 00:14:58.149: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:14:58.149: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:15:07.219: IP ARP: rcvd rep src 170.8.244.1 0007.b421.0064, dst 170.8.244.1 Vlan50

 

show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 170.8.244.2 5 8843.e118.6708 ARPA Vlan50
Internet 170.8.244.3 5 8843.e118.6708 ARPA Vlan50
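
Added example, not part of the original thread or of Cisco's bug text: a small Python check that reads ARP debug lines in the format quoted above, treats replies whose source and destination IP match as gratuitous ARP, and reports for each address the last MAC that claimed it and whether two MACs were competing. The function names and the `expected_active_mac` parameter are assumptions made for this sketch; the sample lines are copied from the failback window in the post.

```python
import re
from collections import defaultdict

# Failback-window lines copied from the host's ARP debug output quoted above.
SAMPLE_LOG = """\
*Apr 24 00:14:34.945: IP ARP: rcvd rep src 170.8.244.2 c471.feca.2e83, dst 170.8.244.2 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.3 c471.feca.2e83, dst 170.8.244.3 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:14:34.946: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:14:58.148: IP ARP: rcvd rep src 170.8.244.2 c471.feca.2e83, dst 170.8.244.2 Vlan50
*Apr 24 00:14:58.148: IP ARP: rcvd rep src 170.8.244.3 c471.feca.2e83, dst 170.8.244.3 Vlan50
*Apr 24 00:14:58.149: IP ARP: rcvd rep src 170.8.244.2 8843.e118.6708, dst 170.8.244.2 Vlan50
*Apr 24 00:14:58.149: IP ARP: rcvd rep src 170.8.244.3 8843.e118.6708, dst 170.8.244.3 Vlan50
*Apr 24 00:15:07.219: IP ARP: rcvd rep src 170.8.244.1 0007.b421.0064, dst 170.8.244.1 Vlan50
"""

ARP_RE = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+): IP ARP: rcvd rep src (?P<src>\S+) "
    r"(?P<mac>[0-9a-f.]+), dst (?P<dst>\S+) (?P<intf>\S+)"
)

def parse_garps(log_text):
    """Return (timestamp, ip, mac) for replies whose src IP equals dst IP (GARP)."""
    events = []
    for line in log_text.splitlines():
        m = ARP_RE.search(line)
        if m and m["src"] == m["dst"]:
            events.append((m["ts"], m["src"], m["mac"]))
    return events

def analyse(events, expected_active_mac):
    """Per IP: last MAC to claim it, whether >1 MAC claimed it, and whether it is stale."""
    claimants = defaultdict(list)
    for _ts, ip, mac in events:
        claimants[ip].append(mac)
    report = {}
    for ip, macs in claimants.items():
        contested = len(set(macs)) > 1
        report[ip] = {
            "last_claim": macs[-1],  # the receiver's cache follows the latest reply
            "contested": contested,
            "stale": contested and macs[-1] != expected_active_mac,
        }
    return report

if __name__ == "__main__":
    for ip, result in analyse(parse_garps(SAMPLE_LOG), "c471.feca.2e83").items():
        print(ip, result)
```

On the sample lines, 170.8.244.2 and 170.8.244.3 come out contested with `8843.e118.6708` as the last claimant, which matches the final `show ip arp` table in the post.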
