Wireless Access

Reply
Occasional Contributor I
Posts: 9
Registered: ‎04-05-2016

VRRP source mac address. Physical or Virtual?

For traffic coming from the VIP of a Master Redundancy VRRP, what should the source mac address be?  My understanding is that it should be sourced from the VRRP virtual mac address and the VRRP virtual IP address.

 

But when i take a packet capture, that's not what i see.  Traffic from the VRRP IP address is sourced via the physical mac address.

Aruba_VRRP.JPG

 

So either my understanding of VRRP is incorrect, or the Aruba controller is not responding sourced from the correct mac address.  I do see it sending VRRP packets sourced from the VRRP virtual mac, but not packets destined towards APs.

 

Thoughts?

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: VRRP source mac address. Physical or Virtual?

The controller does not initiate any traffic from its VRRP. VRRP is only used for receiving traffic.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎04-05-2016

Re: VRRP source mac address. Physical or Virtual?

So traffic from the controller to the AP should not be sourced via the VRRP address?  That doesn't seem right.

Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: VRRP source mac address. Physical or Virtual?

It is not.  It comes from the controller's controller-ip.  VRRP is a standard protocol for incoming traffic, not outgoing traffic.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎04-05-2016

Re: VRRP source mac address. Physical or Virtual?

Listen, VRRP is not a receive only protocol. If that was the case, all TCP transactions to the VIP would fail.  As you can see in the screenshot, they very well do work as this is a packet FROM the VRRP IP Address.

 

If what you are saying regarding AP communication is correct, then there would be 2 seperate GRE tunnels to the controller.  One from the AP to the VIP, and one from the controllers mgmt IP to the AP.  Which is also not the case.  See the following:

 

Aruba-GRE-Termination.jpeg

Amazing that the firwall shows that the controller does indeed build a GRE tunnel from the VIP to the AP.

 

So now back to my original question, why are packets SENT from the VIP IP address not sent via the VRRP virtual mac?  Doesn't this lead to issues where we have to do unicast flooding since we aren't learning the mac address on that port? (also behavior described in the RFC).

Occasional Contributor I
Posts: 9
Registered: ‎04-05-2016

Re: VRRP source mac address. Physical or Virtual?

[ Edited ]
 
Search Airheads
Showing results for 
Search instead for 
Did you mean: