2006-10-25
northlandboy
Re: failover nat-problem

Normally if you've got a Nokia cluster or VRRP pair, you would use the virtual cluster MAC address for any proxy ARP.

I can't remember what MAC ClusterXL/SPLAT uses for the cluster IP - if it's using the real MAC address of the member, then you've got a bit of a problem with manual NAT, don't you? With automatic proxy ARP, then it will only start publishing those ARPs when the cluster fails over.

I believe ClusterXL also sends gratuitous ARPs, which is why traffic to the cluster IP would fail over. (side note: I think it's poor design, the way systems update their ARP caches with ARP replies that are not in response to a request. But I digress). Looks like it doesn't also send gratuitous ARPs for the proxy ARP entries it has. Hmm. Bit of a problem then.

Either add /32 routes to the upstream router for all your NAT addresses, pointing to the cluster IP, or have a hunt around in the docs/KB to find out what the recommended solution is. If it's not a problem someone else has had/resolved, then there's something very wrong with the design of ClusterXL. Personally I think that using a virtual MAC, à la HSRP, VRRP, et al, is the way to do it.
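One way to check the behaviour discussed in the post from a capture taken on the upstream segment during a failover (an added example, not part of the original post): it parses ARP frames and lists which watched IPs received no gratuitous ARP from the newly active member. The addresses, MACs, frames and function names are constructed for illustration.

```python
import socket
import struct

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):     # Ethernet + IPv4 only
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa)

def unannounced(frames, watched_ips, new_mac):
    """Watched IPs with no gratuitous ARP (sender IP == target IP) from new_mac."""
    announced = set()
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        _op, mac, spa, tpa = arp
        if spa == tpa and mac == new_mac:
            announced.add(spa)
    return sorted(set(watched_ips) - announced)

def make_arp(op, sha, spa, tpa):
    """Build a broadcast ARP frame; used only to construct the sample capture."""
    mac = bytes.fromhex(sha.replace(":", ""))
    eth = b"\xff" * 6 + mac + b"\x08\x06"
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, mac,
                             socket.inet_aton(spa), b"\x00" * 6, socket.inet_aton(tpa))

# Constructed sample: documentation addresses (RFC 5737) and MACs (RFC 7042).
NEW_MAC = "00:00:5e:00:53:02"                   # member that became active
CLUSTER_IP = "192.0.2.1"
NAT_IPS = ["192.0.2.10", "192.0.2.11"]          # manual NAT addresses
SAMPLE = [
    make_arp(2, NEW_MAC, CLUSTER_IP, CLUSTER_IP),                  # gratuitous ARP for cluster IP
    make_arp(1, "00:00:5e:00:53:50", "192.0.2.50", "192.0.2.10"),  # ordinary request from a host
]

if __name__ == "__main__":
    missing = unannounced(SAMPLE, [CLUSTER_IP] + NAT_IPS, NEW_MAC)
    print("no gratuitous ARP seen for:", ", ".join(missing) or "none")
```

Addresses that show up as missing are the ones the upstream router will keep resolving to the failed member until its ARP cache entry expires.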