SRX Services Gateway
Visitor
RichCompton
Posts: 6
Registered: ‎12-13-2011

Junos equivalent of "set arp always-on-dest"

We are using a cluster of two Websense proxy devices connected to an SRX 650. The Websense devices use a Virtual IP. When one fails, the other one picks up that IP. When we fail over from one web proxy device to the other, the traffic will fail until we clear the ARP entry on the SRX for that VIP. Is there an equivalent command in Junos that we can run that will do the same thing as "set arp always-on-dest", which will continuously ARP out for the VIP? We want the SRX to quickly see that there is a new MAC address for that VIP and then communicate using that new MAC.

Hope my description was clear enough.  Thanks in advance.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Junos equivalent of "set arp always-on-dest"

This is probably not helpful, but shouldn't this be handled by the Websense machines? Usually, when you fail over, you should send out a gratuitous ARP so that all other network equipment will see that your MAC has changed. Maybe Websense has something like that and it isn't enabled?

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Visitor
RichCompton
Posts: 6
Registered: ‎12-13-2011

Re: Junos equivalent of "set arp always-on-dest"

It is sending out the gratuitous ARP but the firewall is not picking it up for some reason. There is an L2 Cisco switch in between the Websense servers and the firewall.

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008

Re: Junos equivalent of "set arp always-on-dest"

Well then I would look at the switch. It should learn the new MAC address through the gratuitous ARP and propagate it, I guess. But I am not a layer 2 expert. My educated guess is you need to look at the switch and Websense, not the SRX.

Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
New User
natosachnua
Posts: 2
Registered: ‎12-14-2011

Re: Junos equivalent of "set arp always-on-dest"

My understanding is that by default ARP cache updates based on gratuitous ARP replies are disabled. You can enable it per interface with the command "gratuitous-arp-reply".
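
An added example, not posted by anyone in this thread: a Python sketch for checking, from captured frames, whether the failover announcement for the VIP arrives as a gratuitous ARP request or a gratuitous ARP reply, the distinction the "gratuitous-arp-reply" statement above turns on. The addresses, MACs and frames are constructed sample data, and a single 802.1Q tag is skipped because a switch sits in the path.

```python
import socket
import struct

ARP, DOT1Q = 0x0806, 0x8100

def build_arp_frame(op, sha, spa, tha, tpa, vlan=None):
    """Build a broadcast Ethernet frame carrying an IPv4 ARP packet (sample-data helper)."""
    tag = struct.pack("!HH", DOT1Q, vlan) if vlan is not None else b""
    eth = b"\xff" * 6 + sha + tag + struct.pack("!H", ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa)

def classify_arp(frame):
    """Return (kind, sender_ip, sender_mac), or None if the frame is not IPv4 ARP."""
    if len(frame) < 14:
        return None
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == DOT1Q and len(frame) >= 18:   # skip one 802.1Q tag
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2
    if ethertype != ARP or len(frame) < off + 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack_from("!HHBBH", frame, off)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    sha, spa = frame[off + 8:off + 14], frame[off + 14:off + 18]
    tpa = frame[off + 24:off + 28]
    kind = "request" if op == 1 else "reply"
    if spa == tpa:                                # sender announces its own IP
        kind = "gratuitous-" + kind
    return kind, socket.inet_ntoa(spa), sha.hex(":")

def vip_announcements(frames, vip):
    """List (kind, mac) for every gratuitous ARP that claims the given VIP."""
    results = (classify_arp(f) for f in frames)
    return [(r[0], r[2]) for r in results
            if r and r[0].startswith("gratuitous") and r[1] == vip]

# Constructed sample capture: documentation addresses, made-up MACs.
VIP = "192.0.2.10"
MAC_A, MAC_B = bytes.fromhex("020000000a01"), bytes.fromhex("020000000b02")
CAPTURE = [
    build_arp_frame(1, MAC_A, VIP, b"\x00" * 6, "192.0.2.1"),   # ordinary request
    build_arp_frame(1, MAC_A, VIP, b"\x00" * 6, VIP),            # gratuitous request
    build_arp_frame(2, MAC_B, VIP, b"\xff" * 6, VIP, vlan=20),   # gratuitous reply
]
```

Run against frames captured on the firewall-facing side of the switch, `vip_announcements` shows both whether the announcement crosses the switch at all and which of the two forms it takes.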

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.