• September 15, 2019, 02:28:53 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Nokia IP560 with Nortel ERS 8600 VRRP Interfaces  (Read 4994 times)

0 Members and 1 Guest are viewing this topic.

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 3840
    • michaelfmcnamara
    • Michael McNamara
Nokia IP560 with Nortel ERS 8600 VRRP Interfaces
« on: July 08, 2009, 04:45:53 PM »
I've observed a really odd problem that I thought I would share here. I have two Nokia IP560 IPSOs setup in a cluster configuration as a perimeter Internet firewall solution. I had all sorts of issues with the two Nokia boxes being able to communicate with the internal gateway, a Nortel Ethernet Routing Switch 8600 VRRP (Virtual Router Redundancy Protocol) interface that is shared between two 8600 switches which themselves are in a clustered configuration (IST/SMLT).

There is an option within the Nokia IP560 to allow multicast MAC addresses in ARP responses, however, even with that option enabled neither Nokia IP560 would resolve the MAC address of the VRRP interface. I had to create a static ARP entry on both Nokia's to work around the problem.

Well today I reconfigured the VRRP IDs on the Ethernet Routing Switch 8600 so all the VRRP IDs would be unique and I had to reconfigure the static ARP entry on the Nokia IP560s to restore communications with the two firewalls.

The problem is only limited to the VRRP interface. If I configure the two Nokia IP560s with the physical interface of either ERS 860 switch as the gateway the problem does not manifest itself. I'm guess that this may be a bug within the IPSO release.

Cheers!
« Last Edit: July 10, 2009, 11:19:00 PM by Michael McNamara »
We've been helping network engineers, system administrators and technology professionals since June 2009.
If you've found this site useful or helpful, please help me spread the word. Link to us in your blog or homepage - Thanks!


nmsman

  • Guest
Re: Nokia IP560 with Nortel ERS 8600 VRRP Interfaces
« Reply #1 on: July 12, 2009, 03:31:54 AM »
Hi Michael,

I have seen something similar before, and i believe it was something to do with VRRP backup master on the passports. Cant remember whether it was on or off when the problem showed.
If you dont think this is it, then what version of IPSO have you got on the Nokias?

Regards
pete