Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Luis_Miguel_Mig
Advisor

ClusterXL VMAC question

Is it fair to say that CLUSTERXL without VMAC is still more reliable/consistent that CLUSTERXL with VMAC?
I am interested in R80.40 and R81.10 especially.

I have experience with ClusterXL with/without VMAC and automatic NATs/proxyarp in R77.20 and I never had any issue and failover with both are seamlessly. 

I like VMAC mode in theory, however I have googled it a bit and I see a number of  issues in the past related with ClusterXL and VMAC for example:

  • Cisco conversational mac learning
  • Cisco STP no edge/fast port
  • L2 routing like F5 auto last hop
  • Proxyarp and automatic nat
  • Hosts -> duplicated ips - 2macs (physical and virtual) for the same cluster ip

 

On the other side, I have never seen issues with GARPs and updating host ARP tables. VMAC may allow faster failovers but not substantially faster just microseconds.

So that is why I am more inclined for no VMAC. Any thought on it?

In case of using VMAC always with "SAME VMAC" option on, right? fwha_alter_vmac_param



0 Kudos
3 Replies
the_rock
Legend
Legend

Im so glad you asked this question. Personally, I always find that with customers, this is really dependant on what kind of switch they use. I find anyone using Aruna switches does not have any problems, but Cisco on the other side can be a different story.

All those things you listed are definitely true. CP version from what I had seen does not play significant role here.

Best regards,

Andy

0 Kudos
Bob_Zimmerman
Authority
Authority

If you have a really large number of proxy ARP entries, sometimes the firewall doesn't flush them out consistently after failover or policy push. I have a firewall which hit this. Before enabling VMAC, a failover would take down traffic for 30+ minutes while adjacent devices relearned all the MACs. After enabling VMAC, there is no observed traffic impact from a failover.

(1)
the_rock
Legend
Legend

Excellent point, had customer few years ago with that issue.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82

    Thu 25 Apr 2024 @ 11:00 AM (SGT)

    APAC: CPX 2024 Recap

    Tue 30 Apr 2024 @ 03:00 PM (CDT)

    EMEA: CPX 2024 Recap

    Wed 01 May 2024 @ 02:00 PM (EDT)

    South US: HTTPS Inspection Best Practices

    Thu 02 May 2024 @ 11:00 AM (SGT)

    APAC: What's new in R82
    CheckMates Events