Re: Sun OS virtual zone ASA5520 arp problem

[Jeffrey Ramsay <jramsay () UTICA EDU>]

Hello,

I suspect you have two hosts/containers sharing the same IP address. The
containers will all share the same mac address of the global zone unless
you have multiple nics. With multiple nics it's possible to associate
each zone with a physical interface and set the eeprom or OBP option
local-mac-address to true.

Also, depending on the host system (Sparc or X86) you're using you could
have trunked the interfaces and this would change the arp table to show
the same mac for all zones -- it's best to start testing using the
following commands from the global zone "arp -a", "ifconfig -a",
"netstat -rn" and "zoneadm list -v".

Figure out which zones are running, identify the mac address associated
with each zone along with the defined routes. Without knowing your
network topology this is the best advice I can offer.

-Jeff

Steve Whitson wrote:
> I am using virtual zones on Sun OS and experiencing intermittent Mac
> address table problem where two arp responses are being seen with the
> same IP address causing an intermittent Mac IP mismatch and resultant
> connectivity problem. As the table updates dynamically the Mac address
> of the ASA 5520 outside interface is sometimes being seen as the Mac
> address of the virtual zone for the server instance instead of the
> Mac/IP for the zone. The Virtual zones are all in our DMZ interface. Has
> anyone experienced this problem ?

--
Jeffrey J. Ramsay
Systems Administrator (SCSA, SCNA, SCSECA)
Utica College
1600 Burrstone Road
Utica, NY 13502
Office: (315)223-2383
http://www.utica.edu
AIM: sol6789

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature