cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
860
Views
0
Helpful
1
Replies
Highlighted
Beginner

Possible GLBP and ARP table issue?

Hello everyone and thank you in advance for you assistance.

We are currently experiencing a very strange behavior with our hosted SAP environment.  Our WAN setup into the facility is very simple -

                      3825-1 -------------SW1-----------------5510-1---------------

                     /                           |                                              \

PIP CLOUD<                              |                                               > SAP CLUSTERS

                    \                            |                                             /

                     3825-2 ---------------SW2----------------5510-2---------------

3825s are running "advipservicesk9-mz.123-11.T10" with 15Mbps links over DS3 services.

3825s are running GLBP towards the firewalls and BGP towards the PIP cloud.


SWs are Cisco 2960 switches is an unknown code level, the hosting center will NOT provide. 

5510s are running an unknown code level, the hosting center will NOT provide

Now for the issue - at random load invervals, the SAPGUI login will stall for new sessions, active sessions slow tremendously.  FTP transfers work as excepted, PING repsonses are in the normal levels.  WAN Interface traffic levels are with in reason.  I know what your thinking server issue, but according to our hosting center the servers are fine. Unfortunately we have to trust them.  The hosting center wants to point the finger at GLBP sending bad MAC information to the FW cluster VIP. 

So my question is this -

Is there any know issue with ASA and GLBP that would possibly cause this issue?  ARP table confusion, XLATE tables, Bridge tables?  If we static route to the physical IP of a router traffic passes with no issue.

We are currenlty running on the "2" path with no issues for over 5 days.

1 REPLY 1
Highlighted
Hall of Fame Master

Hello Chris,

there is only one host in the internal LAN that is the active ASA firewall if the ASA is in routed mode, using GLBP in your scenario should not provide any load balancing unless the ASA is working in transparent mode.

Are you using the ASA in transparent mode?

Can you try to use HSRP instead of GLBP?.

>> at random load invervals, the SAPGUI login will stall for new sessions, active sessions slow tremendously.

I would agree on the possible impact on new sessions, but how a GLBP problem related to ARP can impact active sessions where each of them is already mapped to a forwarder MAC address?

>> If we static route to the physical IP of a router traffic passes with no issue

Can two static routes be configured ? And where is this static route configured on the SAP cluster or the ASA?

Again if the ASA is working in routed mode there is no sense in using GLBP, if the ASA is working in transparent mode the static routes should be configured on the SAP clusters.

Hope to help

Giuseppe


Content for Community-Ad