When a cluster is operating, the FGCP assigns virtual MAC addresses to each primary unit interface. HA uses virtual MAC addresses so that if a failover occurs, the new primary unit interfaces will have the same virtual MAC addresses and IP addresses as the failed primary unit. As a result, most network equipment would identify the new primary unit as the exact same device as the failed primary unit.
If the MAC addresses changed after a failover, the network would take longer to recover because all attached network devices would have to learn the new MAC addresses before they could communicate with the cluster.
If a cluster is operating in NAT/Route mode, the FGCP assigns a different virtual MAC address to each primary unit interface. VLAN subinterfaces are assigned the same virtual MAC address as the physical interface that the VLAN subinterface is added to. Redundant interfaces or 802.3ad aggregate interfaces are assigned the virtual MAC address of the first interface in the redundant or aggregate list.
If a cluster is operating in Transparent mode, the FGCP assigns a virtual MAC address for the primary unit management IP address. Since you can connect to the management IP address from any interface, all of the FortiGate interfaces appear to have the same virtual MAC address.
A MAC address conflict can occur if two clusters are operating on the same network. See Diagnosing packet loss with two FortiGate HA clusters in the same broadcast domain on page 1512 for more information.
Subordinate unit MAC addresses do not change. You can verify this by connecting to the subordinate unit CLI and using the get hardware interface nic command to display the MAC addresses of each FortiGate interface.
The MAC address of a reserved management interface is not changed to a virtual MAC address. Instead the reserved management interface keeps its original MAC address.
When the new primary unit is selected after a failover, the primary unit sends gratuitous ARP packets to update the devices connected to the cluster interfaces (usually layer-2 switches) with the virtual MAC address. Gratuitous ARP packets configure connected network devices to associate the cluster virtual MAC addresses and cluster IP address with primary unit physical interfaces and with the layer-2 switch physical interfaces. This is sometimes called using gratuitous ARP packets (sometimes called GARP packets) to train the network. The gratuitous ARP packets sent from the primary unit are intended to make sure that the layer-2 switch forwarding databases (FDBs) are updated as quickly as possible.
Sending gratuitous ARP packets is not required for routers and hosts on the network because the new primary unit will have the same MAC and IP addresses as the failed primary unit. However, since the new primary unit interfaces are connected to different switch interfaces than the failed primary unit, many network switches will update their FDBs more quickly after a failover if the new primary unit sends gratuitous ARP packets.
Changing how the primary unit sends gratuitous ARP packets after a failover
When a failover occurs it is important that the devices connected to the primary unit update their FDBs as quickly as possible to reestablish traffic forwarding.
Depending on your network configuration, you may be able to change the number of gratuitous ARP packets and the time interval between ARP packets to reduce the cluster failover time.
You cannot disable sending gratuitous ARP packets, but you can use the following command to change the number of packets that are sent. For example, enter the following command to send 20 gratuitous ARP packets:
You can use this command to configure the primary unit to send from 1 to 60 ARP packets. Usually you would not change the default setting of 5.
In some cases, however, you might want to reduce the number of gratuitous ARP packets. For example, if your cluster has a large number of VLAN interfaces and virtual domains and because gratuitous ARP packets are broadcast, sending a higher number of gratuitous ARP packets may generate a lot of network traffic. As long as the cluster still fails over successfully, you could reduce the number of gratuitous ARP packets that are sent to reduce the amount of traffic produced after a failover.
If failover is taking longer than expected, you may be able to reduce the failover time by increasing the number of gratuitous ARP packets sent.
You can also use the following command to change the time interval in seconds between gratuitous ARP packets. For example, enter the following command to change the time between ARP packets to 3 seconds:
The time interval can be in the range of 1 to 20 seconds. The default is 8 seconds between gratuitous ARP packets. Normally you would not need to change the time interval.
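An added example, not taken from the Fortinet documentation: a Python check that parses captured Ethernet frames, counts the gratuitous ARP packets seen for each cluster IP address, and reports any whose sender MAC is not the expected virtual MAC, since after an FGCP failover the new primary unit announces the same virtual MAC address as the failed one. The function names, addresses and sample frames are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

def parse_arp(frame):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    off = 12
    if frame[off:off + 2] == b"\x81\x00":          # skip one 802.1Q VLAN tag
        off += 4
    if frame[off:off + 2] != b"\x08\x06" or len(frame) < off + 30:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[off + 2:off + 10])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[off + 10:off + 30])
    return sha, spa, tpa

def audit_garps(frames, expected):
    """expected maps cluster IP (4 bytes) to its virtual MAC (6 bytes).
    Returns (GARP count per cluster IP, [(ip, unexpected sender MAC), ...])."""
    counts, mismatches = Counter(), []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        sha, spa, tpa = arp
        if spa != tpa or spa not in expected:      # gratuitous ARP: sender IP == target IP
            continue
        counts[spa] += 1
        if sha != expected[spa]:                   # same IP announced from a different MAC
            mismatches.append((spa, sha))
    return counts, mismatches

def garp(src_mac, addr, vlan=None):
    """Build a constructed broadcast gratuitous ARP frame (sample input only)."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, src_mac, addr, bytes(6), addr)
    return b"\xff" * 6 + src_mac + tag + b"\x08\x06" + arp

# Constructed sample values, not taken from a real cluster.
CLUSTER_IP = socket.inet_aton("192.0.2.1")
VMAC, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")
SAMPLE = [garp(VMAC, CLUSTER_IP)] * 5 + [garp(VMAC, CLUSTER_IP, vlan=10), garp(OTHER, CLUSTER_IP)]

if __name__ == "__main__":
    print(audit_garps(SAMPLE, {CLUSTER_IP: VMAC}))
```

The per-IP count can be compared with the number of gratuitous ARP packets the cluster is configured to send; a gratuitous ARP for a cluster IP from any other MAC is not what a failover produces and is worth investigating.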