VSX and ARP behaviour during Policy Install



ckpcgy
2018-04-02, 13:22
We are currently seeing odd behaviour during policy install on our VSX implementation; we are running 15000s and R80.10 with VSX.

At a high level, at the end of a policy install (right before the progress bar finishes), the VSX instance will send ARP requests as the internal communication IPs and not the interface IPs.

Sequence of events, in tcpdump arp (I've changed IPs):

Our Check Point VSX has internet IP: 1.1.1.5
Our default gateway (ISP) is: 1.1.1.1 (HSRP), with .2 and .3 as the physical routers.
There is another router in that L2 broadcast domain at MAC: cc:98:91:2a:xx:xx (unrelated to our default gateway).

During policy install we see:
arp who-has 1.1.1.2 tell 192.168.196.18
arp who-has 1.1.1.3 tell 192.168.196.18
arp reply 1.1.1.2 is-at cc:98:91:2a:xx:xx (oui Unknown)
arp reply 1.1.1.3 is-at cc:98:91:2a:xx:xx (oui Unknown)
arp reply 1.1.1.1 is-at cc:98:91:2a:xx:xx (oui Unknown)
about 20 seconds elapse, then:
arp who-has 1.1.1.2 tell 1.1.1.5
arp who-has 1.1.1.1 tell 1.1.1.5
arp who-has 1.1.1.3 tell 1.1.1.5
then a few more seconds:
arp reply 1.1.1.1 is-at 00:00:0c:07:ac:00 (oui Cisco)

During the time our ARP for 1.1.1.1 points to that cc:98 MAC address we obviously have no internet connectivity; as soon as ARP gets back to normal, things are fine.

So my question is: is what we are seeing normal behaviour, that we ask for our default gateway's ARP as the internal communication IPs for a brief amount of time, then correctly ask for ARP using our internet IP? I have confirmed that proxy ARP is not running on the router's interface for the MAC cc:99.
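
The two symptoms described in the post above can be checked mechanically in a capture. This is an added example, not part of the original post: it flags ARP requests whose sender IP is outside the segment's subnet and replies that bind the gateway IP to an unexpected MAC. The /24 prefix and the function names are assumptions; the sample lines are the ones quoted in the post.

```python
import ipaddress
import re

# Sample input: the tcpdump lines quoted in the post (addresses already altered there).
SAMPLE = """\
arp who-has 1.1.1.2 tell 192.168.196.18
arp who-has 1.1.1.3 tell 192.168.196.18
arp reply 1.1.1.2 is-at cc:98:91:2a:xx:xx (oui Unknown)
arp reply 1.1.1.3 is-at cc:98:91:2a:xx:xx (oui Unknown)
arp reply 1.1.1.1 is-at cc:98:91:2a:xx:xx (oui Unknown)
arp who-has 1.1.1.2 tell 1.1.1.5
arp who-has 1.1.1.1 tell 1.1.1.5
arp who-has 1.1.1.3 tell 1.1.1.5
arp reply 1.1.1.1 is-at 00:00:0c:07:ac:00 (oui Cisco)
"""

# Case-insensitive so newer "ARP, Request who-has ..." output also matches.
# The MAC pattern allows "x" because the post masks the last two octets.
REQUEST = re.compile(r"who-has ([\d.]+) tell ([\d.]+)", re.I)
REPLY = re.compile(r"reply ([\d.]+) is-at ([0-9a-fx:]+)", re.I)


def audit_arp(lines, subnet, gateway_ip, gateway_mac):
    """Return (line_no, kind, detail) findings for tcpdump-style ARP lines."""
    net = ipaddress.ip_network(subnet)
    findings = []
    for no, line in enumerate(lines, 1):
        if m := REQUEST.search(line):
            sender = m.group(2)
            # Request sourced from an address that does not belong on this segment.
            if ipaddress.ip_address(sender) not in net:
                findings.append((no, "foreign-sender", sender))
        elif m := REPLY.search(line):
            ip, mac = m.group(1), m.group(2).lower()
            # Gateway IP answered with a MAC other than the expected one.
            if ip == gateway_ip and mac != gateway_mac.lower():
                findings.append((no, "gateway-mac-mismatch", mac))
    return findings


def check_sample():
    # Assumption: the segment is 1.1.1.0/24; the expected MAC is the HSRP one from the post.
    return audit_arp(SAMPLE.splitlines(), "1.1.1.0/24", "1.1.1.1", "00:00:0c:07:ac:00")


if __name__ == "__main__":
    for finding in check_sample():
        print(finding)
```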