Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
820
Views
5
Helpful
5
Replies

GLBP Question

Go to solution
Sonu Upadhyay
Level 1
Level 1

‎12-30-2014 01:53 AM - edited ‎03-05-2019 12:28 AM

Hi

Just read the GLBP and I am confused over something in the way it works.  As per the concept the AVG replies to all the arp messages and since it has all the virtual MAC (that it originally assigned to other AVFs) it replies to some of the arp requests with the virtual MAC of AVFs (for the purpose of load balancing), this is where I am kind of confused, in this particular scenario when the AVG replies to an arp request with the destination vMAC of the AVF, the downstream switch would learn that vMAC address from the port that the AVG is connected to (as per my understanding) because that's how a switch learns the MAC address and builds up it's CAM table, now when the host forms a frame destined to vMAC of AVF and it reaches the access switch then this access switch would look up it's CAM table and find that it learnt that MAC address from the port where my AVG is connected to.  Can somebody then please explain how it would get to AVF, I have drawn a simple topology (below), Router 1 is AVG and 2 is AVF and they're connected via access switches, assuming there are end hosts connected to these access switches how would GLBP work (specific to my query above).

 

Thanks

Sonu

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to Sonu Upadhyay

‎12-30-2014 05:54 AM

Hi

That's OK.

The first pair of screen shots show a standard ARP request/reply. 

In those the source MAC address (in the Ethernet II line - i.e. in the Layer 2 header, which is what the switch uses in the CAM/mac table) matches the 'Sender MAC Address' which is a higher-layer piece of information which is not seen by the switch. (Well - not used by the switch, unless you are doing ARP inspection of course.. but for mac/CAM table purposes, it's the L2 header that counts)

In the second screen shots, the ones on the left show one host (192.168.0.200) resolving the gateway IP. It receives an ARP response where the Ethernet/Layer 2 header source MAC address and the ARP 'Sender MAC Address' field do not match. The switch will learn the MAC in the Ethernet header (in this case c001.3270.0000, the AVF) and will put that in the MAC table. The 'Sender MAC Address' is used by the switch, but tells the host that ARPed for the gateway to use the MAC 0007.b400.0101 to send traffic to.

The shots on the right show 192.168.0.201 ARPing for the same address, getting a reply with Ethernet/L2 header source MAC of 0007.b400.0101 again, but this time with 0007.b400.0102 in the ARP Sender MAC Address field. 

As this second packet is from the AVF again with the same receiving switch port, the source l2 header mac of 0007.b400.0101 would be refreshed in the MAC table.

The physical 0007.b400.0101 and 0007.b400.0102 MAC addresses would be learned normally based on traffic originating from the router interfaces or their presence on the switch as SVIs.

The point is that the source MAC of the packet L2 frame, and the 'sender MAC address' embedded inside the ARP packet are different things. The L2 frame header is what builds the MAC table, and the contents of the ARP packet are what tells the host which MAC to associate with the IP address in it's ARP table.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

View solution in original post

5 Replies 5

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni

‎12-30-2014 02:58 AM

Hi

Good question, answered here: http://networkengineering.stackexchange.com/questions/10108/wont-glbp-confuse-a-switchs-mac-address-table

The MAC source of the packet, and the actual MAC send in the ARP packet are not the same thing. See the packet capture screen grabs on that article...

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful

Go to solution
Sonu Upadhyay
Level 1
Level 1
In response to Aaron Harrison

‎12-30-2014 03:40 AM

Sorry it's either not clearly explained or I am too dumb to get it, I looked at the wireshark captures and your reply above however it still leaves me with the original questions.  The wireshark capture shows that the first arp request was replied to by R2 with it's own vMAC and the second one answered by it contained the vMAC of the AVF (R1), the questions still stands, when the downstream switch gets those replied it would see both the vMACs being learnt from the same port and, as far as my knowledge goes, if a frame destined to any of those vMACs hit the switch it would send it off the same port where AVG is connected.  I think I am missing something very minute, I've looked over the link provided by you a couple of times and I still didn't get it, requesting a detailed explanation hereby.

 

Thanks

Sonu

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to Sonu Upadhyay

‎12-30-2014 05:54 AM

Hi

That's OK.

The first pair of screen shots show a standard ARP request/reply. 

In those the source MAC address (in the Ethernet II line - i.e. in the Layer 2 header, which is what the switch uses in the CAM/mac table) matches the 'Sender MAC Address' which is a higher-layer piece of information which is not seen by the switch. (Well - not used by the switch, unless you are doing ARP inspection of course.. but for mac/CAM table purposes, it's the L2 header that counts)

In the second screen shots, the ones on the left show one host (192.168.0.200) resolving the gateway IP. It receives an ARP response where the Ethernet/Layer 2 header source MAC address and the ARP 'Sender MAC Address' field do not match. The switch will learn the MAC in the Ethernet header (in this case c001.3270.0000, the AVF) and will put that in the MAC table. The 'Sender MAC Address' is used by the switch, but tells the host that ARPed for the gateway to use the MAC 0007.b400.0101 to send traffic to.

The shots on the right show 192.168.0.201 ARPing for the same address, getting a reply with Ethernet/L2 header source MAC of 0007.b400.0101 again, but this time with 0007.b400.0102 in the ARP Sender MAC Address field. 

As this second packet is from the AVF again with the same receiving switch port, the source l2 header mac of 0007.b400.0101 would be refreshed in the MAC table.

The physical 0007.b400.0101 and 0007.b400.0102 MAC addresses would be learned normally based on traffic originating from the router interfaces or their presence on the switch as SVIs.

The point is that the source MAC of the packet L2 frame, and the 'sender MAC address' embedded inside the ARP packet are different things. The L2 frame header is what builds the MAC table, and the contents of the ARP packet are what tells the host which MAC to associate with the IP address in it's ARP table.

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Go to solution
Sonu Upadhyay
Level 1
Level 1
In response to Aaron Harrison

‎12-30-2014 06:46 AM

Thanks Aaron, that explains it.  Can I ask though what does that Cisco_00:01:01 and :02 mean in sender source mac address?

0 Helpful

Go to solution
Aaron Harrison
VIP Alumni
VIP Alumni
In response to Sonu Upadhyay

‎12-30-2014 07:01 AM

The first 6 octets (first half) of a MAC address is known as the EUI and is assigned to manufacturers, e.g. physical NIC makers (BroadCom, Cisco, Intel) and virtual (VMware).

Wireshark shows Cisco_00:01:02 because the real MAC is 00:07:b4:00:01:02, and 00:07:b4 is assigned to Cisco. It's sort of shorthand, more easily readable... but it does show the full MAC as well in brackets afterwards most of the time.

You can look them up here: https://www.adminsub.net/mac-address-finder/00:07:b4

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card