Support Center > Search Results > SecureKnowledge Details
Traffic originated by the Standby cluster member does not work Technical Level
Symptoms
  • Traffic originated by the Standby cluster member does not work.

  • TCPdump capture on the Active cluster member shows the following chain of events when the Standby member initiates the traffic to the involved Host:

    1. Standby member sends a unicast ARP Request to the Active member:
      [TIME] [MAC_Address_of_Standby] > [MAC_Address_of_Active], ethertype ARP (0x0806), length 60: arp who-has [IP_Address_of_Host] tell [IP_Address_of_Active]

    2. Active member sends a broadcast ARP Request:
      [TIME] [MAC_Address_of_Active] > Broadcast, ethertype ARP (0x0806), length 42: arp who-has [IP_Address_of_Host] tell [Cluster_VIP_Address]

    3. Host answers with its IP address to the Active member:
      [TIME] [MAC_Address_of_Host] > [MAC_Address_of_Active], ethertype ARP (0x0806), length 60: arp reply [IP_Address_of_Host] is-at [MAC_Address_of_Host]

    4. But this ARP Reply is never forwarded from the Active member to the Standby member.
Cause

The following kernel parameters are set (either on-the-fly, or permanently via $FWDIR/boot/modules/fwkern.conf file), which conflict with each other:

Kernel
parameter
Current
value
Explanation Notes
fwha_arp_forward_standby 1
  1. The ARP Request is sent from a warp interface from the Standby member to the network.
  2. The Standby member intercepts the ARP Request and sends it directly to the Active member by modifying the destination MAC address in Ethernet header.
  3. The Active member then sends the ARP Request to the network.
  4. Upon receiving the ARP Reply, the Active member resends the ARP Reply to all the other members.
Refer to sk94564
fwha_resend_arp_unicast 1 ARP packets are resent to other cluster members in "unicast" Refer to sk94564

This parameter cannot be set on-the-fly with "fw ctl set int" command.
Only permanently via $FWDIR/boot/modules/fwkern.conf file.
fwha_enable_arp_resend 0 Active cluster member will not forward ARP Reply packets to other peer members Refer to sk98417

Clarification: The above values of kernel parameters cause the Active member not to forward ARP Replies to other members.


Solution
Note: To view this solution you need to Sign In .