ClusterXL VMAC question

Is it fair to say that CLUSTERXL without VMAC is still more reliable/consistent that CLUSTERXL with VMAC?
I am interested in R80.40 and R81.10 especially.

I have experience with ClusterXL with/without VMAC and automatic NATs/proxyarp in R77.20 and I never had any issue and failover with both are seamlessly. 

I like VMAC mode in theory, however I have googled it a bit and I see a number of  issues in the past related with ClusterXL and VMAC for example:

  • Cisco conversational mac learning
  • Cisco STP no edge/fast port
  • L2 routing like F5 auto last hop
  • Proxyarp and automatic nat
  • Hosts -> duplicated ips - 2macs (physical and virtual) for the same cluster ip


On the other side, I have never seen issues with GARPs and updating host ARP tables. VMAC may allow faster failovers but not substantially faster just microseconds.

So that is why I am more inclined for no VMAC. Any thought on it?

In case of using VMAC always with "SAME VMAC" option on, right? fwha_alter_vmac_param

Im so glad you asked this question. Personally, I always find that with customers, this is really dependant on what kind of switch they use. I find anyone using Aruna switches does not have any problems, but Cisco on the other side can be a different story.

All those things you listed are definitely true. CP version from what I had seen does not play significant role here.

Best regards,


If you have a really large number of proxy ARP entries, sometimes the firewall doesn't flush them out consistently after failover or policy push. I have a firewall which hit this. Before enabling VMAC, a failover would take down traffic for 30+ minutes while adjacent devices relearned all the MACs. After enabling VMAC, there is no observed traffic impact from a failover.


Excellent point, had customer few years ago with that issue.


