Working with the GARP Chunk Mechanism

Description

When Proxy ARP is enabled, the Firewall responds to ARP requests for hosts other than itself.

When failover occurs between Security Group Members, the new Active Security Group Member sends Gratuitous ARP (GARP) Requests with its own (new) MAC address to update the network ARP tables.

To prevent network congestion during failover, GARP Requests are sent in user-defined groups called chunks.

Each chunk contains a predefined number of GARP Requests based on these parameters:

  • The number of GARP Requests in each chunk (default is 1000 in each HTU).

  • High Availability Time Unit (HTU) - the time interval (1 HTU = 0.1 sec), after which a chunk is sent.

  • The chunk mechanism iterates on the proxy ARP IP addresses, and each time sends GARP Requests only for some of them until it completes the full list.

When the iteration sends the full list, it waits N HTUs and sends the list again.

Configuration

Important - To make the configuration permanent (to survive reboot), add the applicable kernel parameters to the $FWDIR/boot/modules/fwkern.conf file with this command:

g_update_conf_file fwkern.conf <Parameter>=<Value>

For example, to send 10 GARP Requests each second, set the value of the kernel parameter fwha_refresh_arps_chunk to 1:

g_fw ctl set int fwha_refresh_arps_chunk 1

To send 50 GARP Requests each second, set the value of the kernel parameter fwha_refresh_arps_chunk to 5:

g_fw ctl set int fwha_refresh_arps_chunk 5

Whenever the iteration is finished sending GARP Requests for the entire list, it waits N HTUs and sends the GARP Requests again.

The time between the iterations can be configured with these kernel parameters:

| Kernel Parameter | Instructions |
|---|---|
| fwha_periodic_send_garps_interval1 | The default value is 1 HTU (0.1 second). The Security Group sends the GARP immediately after failover. Important - Do not change this value. |
| fwha_periodic_send_garps_interval2 | The default value is 10 HTUs (1 second). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| fwha_periodic_send_garps_interval3 | The default value is 20 HTUs (2 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| fwha_periodic_send_garps_interval4 | The default value is 50 HTUs (5 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |
| fwha_periodic_send_garps_interval5 | The default value is 100 HTUs (10 seconds). After the iteration sends the GARP list, it waits for this period of time and sends it again. |

To change an interval, run in the Expert mode:

g_fw ctl set int fwha_periodic_send_garps_interval<N> <Value>

To apply the intervals, run in the Expert mode:

g_fw ctl set int fwha_periodic_send_garps_apply_intervals 1
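The chunk size and the intervals together decide how long neighbouring devices can keep a stale MAC address after failover. The following planning sketch is an added example, not Check Point code: it models the timeline under the assumptions that one chunk is sent per HTU and that the list is sent once after each of the five intervals in order. All function names and the 5000-address sample are hypothetical.

```python
HTU_SECONDS = 0.1                         # from the page: 1 HTU = 0.1 sec
DEFAULT_INTERVALS = (1, 10, 20, 50, 100)  # page defaults for interval1..interval5, in HTUs


def garps_per_second(chunk):
    """GARP Requests per second when `chunk` requests are sent every HTU."""
    return chunk * round(1 / HTU_SECONDS)


def pass_htus(num_ips, chunk):
    """HTUs for one full pass over the proxy ARP list (assumed: one chunk per HTU)."""
    if num_ips < 0 or chunk < 1:
        raise ValueError("num_ips must be >= 0 and chunk must be >= 1")
    return (num_ips + chunk - 1) // chunk  # integer ceiling


def garp_schedule(num_ips, chunk, intervals=DEFAULT_INTERVALS):
    """Return [(start_htu, end_htu), ...] for each pass, counted from the failover.

    Assumed model: wait interval N, send the whole list, wait interval N+1, and so on.
    """
    schedule, now = [], 0
    for wait in intervals:
        start = now + wait
        now = start + pass_htus(num_ips, chunk)
        schedule.append((start, now))
    return schedule


def min_chunk_for(num_ips, max_pass_htus):
    """Smallest chunk value that completes one pass within `max_pass_htus`."""
    if max_pass_htus < 1:
        raise ValueError("max_pass_htus must be >= 1")
    return max(1, (num_ips + max_pass_htus - 1) // max_pass_htus)


if __name__ == "__main__":
    ips = 5000  # constructed sample: number of proxy ARP IP addresses
    for chunk in (5, 1000):
        start, end = garp_schedule(ips, chunk)[0]
        print(f"chunk={chunk}: {garps_per_second(chunk)} GARP/s, "
              f"first pass ends {end * HTU_SECONDS:.1f}s after failover")
    print("chunk needed to finish a pass in 2s:", min_chunk_for(ips, 20))
```

With a chunk value of 5, the last of 5000 addresses in this model is refreshed about 100 seconds after failover, which shows the trade-off between congestion and convergence time when lowering fwha_refresh_arps_chunk.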

Verification

To send GARP Requests manually, on the SMO, run in the Expert mode:

g_fw ctl set int test_arp_refresh 1

This causes GARP Requests to be sent (the same as during a failover).

To debug, run in the Expert mode:

g_fw ctl zdebug -m cluster + ch_conf | grep fw_refresh_arp_proxy_on_failover