
VMAC and Automatic NAT

Question asked by Maarten Sjouw on Sep 9, 2018
Latest reply on Sep 10, 2018 by Dameon Welch Abernathy

Yesterday we were doing a migration of a cluster which has some Automatic NATs that are using IPs in the same range as the external IP of the gateways.

Months ago we had issues with this customer when we had a cluster failover which was returned shortly after, around 10 minutes. After the primary member was restored, the router just kept using the MAC address of the backup gateway, and only after the 4-hour cache of the router was flushed did it restore the proper MAC address.

We decided to change the cluster to use VMAC instead and set up proxy ARP (for the manual NAT) to use the VMAC as well. Now you would expect the cluster to show the VMAC addresses when you see the response on 'fw ctl arp', but it will only show the manual NAT proxy ARP entries with the VMAC, and all automatic NAT are just using the interface MAC, and I really do not understand why.

When we moved yesterday from openserver on R77.30 to Appliance with R80.10, we were really surprised to see this behavior, as again we had problems with those blasted routers not picking up the gratuitous ARPs sent when switching the cluster (during failover tests).

Only by sending them manually using arping could we get it all back to work again.

This is just one of the reasons why I really prefer VRRP, as there the automatic NAT just use the VMAC, as it should.

Is anyone else having similar problems, or are the clusters I have checked so far (about 4 ClusterXL and 2 VRRP) the only ones with these problems, or has nobody ever wondered?
