ARP and Virtual IP address for servers

Vijay Santhanakrishnan 20 posts since Oct 29, 2008

ARP and Virtual IP address for servers Mar 12, 2014 8:40 AM
Hello,

I came across a situation where a virtual ip address is configured to two linux box sharing a virtual ip address
(each physical linux machines have their own ip address, however, for high availability a virtual IP address was
configured).

S#sh ip arp 192.168.14.220

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.14.220 16 d4g5.6650.2a7x ARPA Vlan1

S#sh ip arp 192.168.14.221

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.14.221 0 68b5.99bd.9820 ARPA Vlan1

S#sh ip arp 192.168.14.233

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.14.233 4 d4g5.6650.2a7x ARPA Vlan1

Above output shows arp entry for virtual address is binded to Server A. If Server A goes down, it takes a while
for arp entry to clear and this may cause an outage while new mac is binded to Server B.

What options are available to avoid an outage?

My ideas were:

1. Create ip sla to ping to the ip address to primary server, if no response action is to clear ip arp for the virtual
ip address
2. reduce arp aging time

Any ideas?

CiscoLoco - CCNP 1,341 posts since Feb 11, 2009

Re: ARP and Virtual IP address for servers Nov 12, 2013 5:34 PM
Maybe you can check with the Linux configuration and see if you have an option to send out a GARP during a
failover.

2015 Cisco and/or its affiliates. All Rights Reserved. Generated on 2015-05-24-07:00
This document is Cisco Public Information.
1
ARP and Virtual IP address for servers

Vijay Santhanakrishnan 20 posts since Oct 29, 2008

Re: ARP and Virtual IP address for servers Nov 14, 2013 11:14 AM
One answer I found out was, we can ip sla to the virtual ip address, based on the result can run EEM
(Embeded Event Management) to clear ip arp for the virtual ip address. Will try this in the lab and post the
result. Meantime, any other helpful guidance/answers welcome.

LindsayHill 247 posts since May 17, 2010

Re: ARP and Virtual IP address for servers Nov 14, 2013 11:30 AM
in response to Vijay Santhanakrishnan
What method is used on the Linux boxes to configure that virtual IP, and how is failover detected/handled?

Did someone just go and run something like "ifconfig eth0:1 192.168.14.233 netmask 255.255.255.0" ? What
happens when the primary fails? Does someone go and manually add the IP to the secondary system?

Or is something like keepalived used to provide VRRP, and handle failure detection and failover?

Tools like keepalived will handle the GARP, and are overall a much better solution than trying to do something
with EEM. Remember that clustering is widely configured these days, and reasonably well understood. Better
to leverage off those solutions at a server level than try a "Stupid Router Trick". It will give you a more scalable,
easier to understand solution.

Murad 185 posts since Oct 1, 2010

Re: ARP and Virtual IP address for servers Nov 18, 2013 12:21 PM
I dont know which Linux distribution you are using. I have few clusters where i use hearbeat for failover using
virtual IP address. This package has built in gratuitous ARP. Its quite simple to configure and updates the CAM
table pretty quick. Most of the time my TCP session is still up while doing failover from one to another FW for
example. In most of the setups, two Linux boxes are using Virtual IP(VIP) talking to VIPs on two Cisco routers.
It just work perfectly. http://linux-ha.org/wiki/Heartbeat

2015 Cisco and/or its affiliates. All Rights Reserved. Generated on 2015-05-24-07:00
This document is Cisco Public Information.
2