Thursday, March 15, 2018

Juniper ARP/ethernet switching table mystery

I've got two switches directly connected to each other via an aggregated ethernet link (ae0 on both sides). There's a host connected to Switch 2 on a gigabit ethernet port (ge-0/1). The switches are running VRRP for the default gateway for the host's subnet. The VLAN is trunked across ae0.

Here's where things get weird. Both switches have an ARP entry for the host's IP and MAC pointing to each other over the ae0 interface. If I clear the ARP entry, the correct one shows up for a few seconds before being replaced by the inaccurate one. A firewall filter on Switch 1's ae0 interface shows that it is trying to send packets with the host's IP and MAC across ae0, but I can't for the life of me figure out why.

There's no loop, and it only happens to this one ARP entry out of dozens on this VLAN. JTAC doesn't have an answer. Is it a bug, or have I overlooked something?


