Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

GARP Chunk Mechanism

Description:

When Proxy ARP is enabled, the Firewall responds to ARP requests for hosts other than itself. When Chassis failover occurs, the new Active Chassis sends GARPs with its own (new) MAC address to update th network ARP tables.

To prevent network congestion during Chassis failover, GARP requests/responses are sent in user defined groups called "chunks". Each chunk contains a predefined number of GARP messages based on these parameters:

  • The number of GARP messages in each chunk
  • HTU (High Availability Time Unit) - Time interval, after which a chunk is sent.

  • The chunk mechanism is iterating on the proxy ARP IPs, and each time sends GARPs only for some of them until it completes the entire list.

In each HA Time Unit (HTU=0.1s) - a chunk of the GARP list is sent.

Whenever the iteration is finished send all the list, it waits N HTU and sends the list again.

Configuration:

In each HTU (=0.1 second) - a chunk of the GARP list is sent.

For example, if we want that 10 GARPs will be sent in each second
fwha_refresh_arps_chunk should be set to 1.
(command: # fw ctl set int fwha_refresh_arps_chunk 1)

For 50 GARPs/seconds,
fwha_refresh_arps_chunk should be set to 5.
(command: # fw ctl set int fwha_refresh_arps_chunk 5)

Whenever the iteration is finished sending GARPs for the entire list, it waits N HTU and re-sends the GARPS again. The time between the iterations can be configured with:
fwha_periodic_send_garps_interval1 = (1 HTU) /* should not be changed, send immediately after failover */
fwha_periodic_send_garps_interval2 = (10 HTU) /* 01 seconds */
fwha_periodic_send_garps_interval3 = (20 HTU) /* 02 seconds */
fwha_periodic_send_garps_interval4 = (50 HTU) /* 05 seconds */
fwha_periodic_send_garps_interval5 = (100 HTU) /* 10 seconds */

In the above (default) configuration, after finishing iterate the list,
wait 1 seconds and start send again
wait 2 seconds and start send again.
wait 5 seconds and start send again.
wait 10 seconds and start send again.

To change interval:
fw ctl set int fwha_periodic_send_garps_interval<1-5> 1

To apply intervals:
fw ctl set int fwha_periodic_send_garps_apply_intervals 1

Verification:

In order to initiate manual garp sending:

On the Chassis monitor blade, run:
fw ctl set int test_arp_refresh 1
This will cause garp sending (same as was failover)

Debug:

fw ctl zdebug -m cluster + ch_conf | grep fw_refresh_arp_proxy_on_failover

  
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print