Working with the GARP Chunk Mechanism
Description
When Proxy ARP is enabled, the Firewall responds to ARP requests for hosts other than itself.
When failover occurs between Security Group Members, the new Active Security Group Member sends Gratuitous ARP (GARP) Requests with its own (new) MAC address to update the network ARP tables.
To prevent network congestion during failover, GARP Requests are sent in user-defined groups called chunks.
Each chunk contains a predefined number of GARP Requests based on these parameters:
- The number of GARP Requests in each chunk (default is 1000 in each HTU).
- High Availability Time Unit (HTU) - the time interval (1 HTU = 0.1 sec), after which a chunk is sent.
- The chunk mechanism iterates on the proxy ARP IP addresses, and each time sends GARP Requests only for some of them until it completes the full list.
When the iteration sends the full list, it waits N HTUs and sends the list again.
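The schedule described above can be modeled to estimate how long neighbors' ARP tables take to be refreshed for a given chunk size. This Python sketch is an added example, not Check Point code. It assumes that the five default waits listed under Configuration apply in order, one before each pass, and that each wait is counted from the last chunk sent; the function names and sample addresses are constructed for illustration.

```python
"""Model of the GARP chunk schedule described above (illustrative only)."""
import math

HTUS_PER_SECOND = 10  # from the page: 1 HTU = 0.1 sec
# Page defaults for the five waits, in HTUs. Assumption: they are applied in
# this order, one wait before each successive pass over the proxy ARP list.
DEFAULT_WAITS_HTU = (1, 10, 20, 50, 100)


def max_requests_per_second(chunk_size):
    """One chunk is sent per HTU, so the peak send rate is chunk_size * 10."""
    return chunk_size * HTUS_PER_SECOND


def pass_duration_htu(n_ips, chunk_size):
    """HTUs needed to cover the whole proxy ARP list once."""
    return math.ceil(n_ips / chunk_size)


def garp_schedule(proxy_arp_ips, chunk_size, waits_htu=DEFAULT_WAITS_HTU):
    """Return [(htu_tick, pass_no, ips_in_chunk), ...]; failover is tick 0."""
    if chunk_size < 1:
        raise ValueError("chunk size must be at least 1")
    parts = [proxy_arp_ips[i:i + chunk_size]
             for i in range(0, len(proxy_arp_ips), chunk_size)]
    events, tick = [], 0
    for pass_no, wait in enumerate(waits_htu, start=1):
        tick += wait  # assumption: the wait is counted from the last chunk sent
        for offset, chunk in enumerate(parts):
            events.append((tick + offset, pass_no, chunk))
        tick += max(len(parts) - 1, 0)  # move to the tick of the last chunk
    return events


# Constructed sample input: 12 proxy ARP addresses from TEST-NET-1.
SAMPLE_IPS = [f"192.0.2.{n}" for n in range(1, 13)]

if __name__ == "__main__":
    for size in (1000, 5):  # page default and the 50-requests-per-second case
        print(f"chunk={size}: up to {max_requests_per_second(size)} GARP/s, "
              f"{pass_duration_htu(len(SAMPLE_IPS), size)} HTU per pass")
        for tick, pass_no, chunk in garp_schedule(SAMPLE_IPS, size):
            print(f"  t={tick / HTUS_PER_SECOND:5.1f}s pass {pass_no}: "
                  f"{len(chunk)} requests ({chunk[0]} .. {chunk[-1]})")
```

A smaller chunk value lowers the burst rate on the segment but stretches each pass over more HTUs, which delays the moment the last proxy ARP address is re-announced after failover.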
Configuration
Important - To make the configuration permanent (to survive reboot), add the applicable kernel parameters to the
For example, to send 10 GARP Requests each second, set the value of the kernel parameter fwha_refresh_arps_chunk to 1:
To send 50 GARP Requests each second, set the value of the kernel parameter fwha_refresh_arps_chunk to 5:
Whenever the iteration is finished sending GARP Requests for the entire list, it waits N HTUs and sends the GARP Requests again.
The time between the iterations can be configured with these kernel parameters:
| Kernel Parameter | Instructions |
|---|---|
| | The default value is 1 HTU (0.1 second). The Security Group sends the GARP immediately after failover. |
| | The default value is 10 HTUs (1 second). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| | The default value is 20 HTUs (2 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| | The default value is 50 HTUs (5 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| | The default value is 100 HTUs (10 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
To change an interval, run in the Expert mode:
To apply the intervals, run in the Expert mode:
Verification
To send GARP Requests manually, on the SMO, run in the Expert mode:
This causes GARP Requests to be sent, the same as when a failover occurs.
To debug, run in the Expert mode: