Prevent SonicWall NSA2650 from responding on all arp requests
We run a SonicWall NSA2650 as our gateway in Static IP mode. Our cluster periodically does health checks, which includes pinging itself to verify that no other devices are on the network with a duplicate IP address. It uses the ARP information it receives to review the MAC addresses of all responses.
The issue is that the SonicWall responds to the ping/arp request with its own MAC address during the ARP process, then allowing the cluster response through. When this happens this way, the cluster determines that there is another device on the network with the same IP address and reports the MAC address of the Sonic Wall as a conflict.
I need the Sonic Wall to stop responding to ARP requests on the cluster's IP address(es). I have tried assigning a static IP in the Sonic Wall DHCP scope, and adding a static ARP entry with no success.
Any help would be greatly appreciated.
Answers
ARP is essential to the functioning of a network... what 'cluster' are you talking about?
It's a Nutanix cluster. The built-in health checks are what are throwing error flags.
Can you provide a diagram of the network with IP addressing used? If not can you provide a written description?
I feel I'm not explaining this very well. I will look for or create a diagram here shortly. The process causing the issue is currently:
1) The Nutanix pings its own IP address to look for conflicts.
2) The Sonic Wall (gateway) gets an ARP request as a result.
3) The Sonic Wall replies to the Nutanix ARP request with its own MAC address.
4) The Nutanix responds to the ARP request with its MAC address.
5) The Nutanix believes that two devices have the same IP address and throws an error.
I uploaded a quick diagram of the process. It's a relatively flat network for this part: everything sits on a single L2 segment and on the same VLAN.
@TBHOSC
if i'm not mistaken. nutanix ping himself, packet won't go to network, it will replay own arp table and loopback interface. ( This procudure is same as another network devices.)
That sounds how I understand things too, so I don't understand what's going on. I have attached a wireshark screencap where it shows how the SonciWall is responding with its own MAC prior to the Nutanix response. This is the behavior I need to stop from happening.
BTW, I appreciate everybody's input on this!
EDIT: I see the ARP request is coming from my PC in the picture. This may be because I'm triggering the Nutanix Health checks from my computer.
This comment was made in error.
I think it's happening because there are 3 network connected nodes on the cluster. Each one checks for duplicates of the others, which sends the traffic to the gateway. The gateway is responding back first with the SonicWall MAC, and then the other Nutanix node MAC.
To start, the IP addresses shown in your diagram are not the same as your packet capture... So which is accurate?
Did you static assign the IP addresses on your cluster or are you using DHCP? Are there any entries in the Sonicwall's Static ARP table for the IP in question?
Clearly we're missing part of the picture.
The diagram is not accurate on the IP scheme, but shows the issues I'm having. We run on a 255.255.252.0 subnet, 172.16.104.0.
These are statically assigned addresses, and there were no static entries in the SonicWall's Statis ARP table. Per SonicWall's support I have added them to the DHCP and ARP sections in the SonicWall.
Was this occurring prior to adding 'them to the DHCP and ARP sections in the Sonicwall'?
Yes, this was occurring before adding the cluster IP addresses to the the DHCP and ARP sections in the SonicWall.
Since that did not help, remove them. Are you doing any bridging / port-shielding of Sonicwall interfaces? What interfaces are connected? What firmware is the 2650 running?
What are the IP addresses used by your cluster and hosts? The Sonicwall?
Did you figure this one out?
I have the same problem. a NSA2700,
And it answer to ALL ARP Reqest, with " ip x.x.x.x is at sonicwall-mac"
The Sonicwall have only one ip on the Subnet, but still answert to all other IP's as well.
Example:
Sonicwall ip/mac : 10.10.10.250 / 90:90:90:90:90:90
Inncomming ARP Reqest from random computer: Who has 10.10.10.105
Sonicwall answers with a slight delay: IP 10.10.10.105 is at 90:90:90:90:90:90
Why?
@sveinol I did not experienced this in the past and I deployed a few of them.
Is there a NAT rule which might catch the ARP request for the addresses of that specific subnet?
Does it occur on any Interface or just specific ones and what Zone got they assigned to?
--Michael@BWC
Go to the diag page and enable "Bypass ARP processing on L2 bridge interfaces"