Re: VSX Shared Vlan Interfaces and ARP Issue

LOcfemia · ‎2019-07-09

We are deploying VSX and getting some difficulties implementing it to customer's environment whether we use vSwitch or vRouter.

Both VSes need to have an access to shared vlan interfaces (internal & DMZ). eth5 (internal) has 4 vlans and eth6 (DMZ) has 1 vlan only. I believe vSwitch can have only 1 vlan tag, it seems we don't have other options but to use vRouter or create multiple vSwitch for each vlan.

The second problem is after creating vSwitch and connecting to VS0 (warp link) with the ip address of 10.10.1.254, the gateway or VS0 is not responding to arp request.
"arp who-has 10.10.1.254 tell 10.10.1.210" Clearly, that IP belongs to virtual device.

Did I miss anything? Any suggestion are welcome and appreciated.

I have attached the topology for reference. Thank you.

VSX Diagram.png

Maarten_Sjouw · ‎2019-07-09

For each VLAN you need to connect to more than 1 VS you create a virtual switch, this Virtual switch can also be connected to a VLAN in a trunk port. This is not limited to a physical interface.

Regards, Maarten

Kaspars_Zibarts · ‎2019-07-10

As said earlier vSwitch can only handle one VLAN. So technically you could spin up 5 vSwitches one for each VLAN. But I struggle to understand the purpose of two firewalls connecting to the same interfaces (all) I understand if they shared one or two, but not all. Seems a bit strange.

ARP issue is probably related to VLAN tagging not set correctly or check your trunk between VSX and next hop

Are you a member of CheckMates?

VSX Shared Vlan Interfaces and ARP Issue