Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

GARP Chunk Mechanism

When Proxy ARP is enabled, the Firewall responds to ARP requests for hosts other than itself. When Chassis failover occurs, the new Active Chassis sends GARPs with its own (new) MAC address to update the network ARP tables.

To prevent network congestion during Chassis failover, GARP requests/responses are sent in user defined groups called "chunks". Each chunk contains a predefined number of GARP messages based on these parameters:

  • The number of GARP messages in each chunk
  • HTU (High Availability Time Unit) - Time interval, after which a chunk is sent.
  • The chunk mechanism is iterating on the proxy ARP IPs, and each time sends GARPs only for some of them until it completes the full list.

In each HA Time Unit (HTU=0.1s) - a chunk of the GARP list is sent.

When the iteration sends the full list, it waits N HTU and sends the list again.

Configuration:

In each HTU (=0.1 second) - a chunk of the GARP list is sent.

For example, to send 10 GARPs each second, set fwha_refresh_arps_chunk to: 1

# fw ctl set int fwha_refresh_arps_chunk 1

To send 50 GARPs per second, set fwha_refresh_arps_chunk to: 5

# fw ctl set int fwha_refresh_arps_chunk 5

Whenever the iteration is finished sending GARPs for the entire list, it waits N HTU and re-sends the GARPS again. The time between the iterations can be configured with:

fwha_periodic_send_garps_interval1 = (1 HTU) /* should not be changed, send immediately after failover */
fwha_periodic_send_garps_interval2 = (10 HTU) /* 01 seconds */
fwha_periodic_send_garps_interval3 = (20 HTU) /* 02 seconds */
fwha_periodic_send_garps_interval4 = (50 HTU) /* 05 seconds */
fwha_periodic_send_garps_interval5 = (100 HTU) /* 10 seconds */

In the above (default) configuration, after the iteration sends the list:

  • Wait 1 second and start send again.
  • Wait 2 seconds and start send again.
  • Wait 5 seconds and start send again.
  • Wait 10 seconds and start send again.

To change the interval:

Run:

# fw ctl set int fwha_periodic_send_garps_interval<1-5> 1

To apply the intervals:

Run:

# fw ctl set int fwha_periodic_send_garps_apply_intervals 1

Verification:

To manually send garp messages:

On the Chassis monitor blade, run:

> fw ctl set int test_arp_refresh 1

This causes garp messages to be sent (same as was failover).

Debug:

> fw ctl zdebug -m cluster + ch_conf | grep fw_refresh_arp_proxy_on_failover
  
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print