CARP UNICAST - ISSUE MAC AGEOUT

Started by blacknote, November 14, 2024, 05:20:22 PM

Hi all,

Regarding the usage of CARP (VRRP2) UNICAST, it appears that the interface MAC of the slave, when the latter isn't solicited by any other service, protocol or monitoring, is aged out on the network.

Meaning that any unicast CARP packets sent from the master are flooding onto the network.

My immediate solution is to declare the MAC of the slave statically for those interfaces.
I hesitated to use monit to ping the slave or something like this.

My request would be to get a specific menu to send gratuitous ARP from the interface GUI.


What do you think about it?

regards,




Hi,
What exactly is the problem? You have flooded your network?

Yes, exactly.

I noticed this with CARP UNICAST packets which were flooded to other branches on the network.

I was just now checking on a slave firewall and saw that it was receiving traffic.
It's the same in fact: receiving packets from clients.
And I can't see any gateway MAC address on the switch (Aruba).

It's clear that any device has to perform an ARP request to send packets... anyway, a switch which doesn't see such a request doesn't learn the gateway MAC address... so far, the packets are flooding to everyone.
I'm gonna check on other devices to see if they receive this "flood".

Again, I would suggest implementing a gratuitous ARP option... not only as an option but as mandatory.
This kind of mechanism is usually available on other professional solutions (STORMSHIELD or FORTINET).

I might be wrong on all of this or just a victim of the switching infrastructure, but it looks that way so far. How could those packets, from CARP itself or now from clients, reach the slave in other cases? I've made traces on both firewalls, analysed MAC addresses on them and on the core switch..

Thanks for the help

regards
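The workaround the thread asks for, as an added example that is not OPNsense code and not from any poster: a backup node periodically sends a gratuitous ARP so the switch keeps its interface MAC in the forwarding table and the master's unicast CARP advertisements stop being flooded. Frame construction is portable; the send path uses a Linux AF_PACKET raw socket (an assumption, on FreeBSD/OPNsense you would write the frame to /dev/bpf instead), and the interface name, MAC and IP are constructed sample values.

```python
import socket
import struct
import time

ETH_P_ARP = 0x0806
BROADCAST = b"\xff" * 6


def gratuitous_arp(mac: str, ip: str) -> bytes:
    """Build a gratuitous ARP request (sender IP == target IP, broadcast dst).
    The switch learns the source MAC from the Ethernet header; neighbours
    refresh their ARP cache from the ARP payload."""
    hw = bytes.fromhex(mac.replace(":", ""))
    if len(hw) != 6:
        raise ValueError("MAC must be 6 bytes")
    addr = socket.inet_aton(ip)
    eth = BROADCAST + hw + struct.pack("!H", ETH_P_ARP)
    # htype=Ethernet(1), ptype=IPv4, hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += hw + addr + b"\x00" * 6 + addr   # sha, spa, tha (zero), tpa
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the fields a capture would show, so the frame can be verified."""
    (op,) = struct.unpack("!H", frame[20:22])
    return {
        "src_mac": frame[6:12].hex(":"),
        "op": op,
        "spa": socket.inet_ntoa(frame[28:32]),
        "tpa": socket.inet_ntoa(frame[38:42]),
    }


def announce_loop(iface: str, mac: str, ip: str, interval: int = 60) -> None:
    """Send the frame every `interval` seconds, well under the usual 300 s
    MAC aging timer. Linux raw socket (assumption); needs CAP_NET_RAW."""
    frame = gratuitous_arp(mac, ip)
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW,
                       socket.htons(ETH_P_ARP)) as s:
        s.bind((iface, 0))
        while True:
            s.send(frame)
            time.sleep(interval)


if __name__ == "__main__":
    # Constructed values for a backup node's LAN interface (not from the thread).
    announce_loop("eth0", "00:11:22:33:44:55", "192.0.2.3")
```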