Message-ID: <48630AA3.3000800@ibctech.ca>
Date: Wed, 25 Jun 2008 23:18:59 -0400
From: Steve Bertrand
To: Giulio Ferro
Cc: freebsd-net@freebsd.org
References: <486000B5.9090703@zirakzigil.org> <4862B2AF.70202@zirakzigil.org>
In-Reply-To: <4862B2AF.70202@zirakzigil.org>
Subject: Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

Giulio Ferro wrote:
> I finally got the problem, and it had nothing to do either with vlans or
> with carp.
>
> The firewall I was setting up was meant to replace an existing freebsd
> firewall which didn't use vlans (it had a lot of nics).
> The problem was that the network port where our ISP brings the internet
> connection still had the old aliased mac addresses in its arp cache.

Thank you Giulio (is it Gio?)... for replying to everyone with a definitive
conclusion. That's fantastic for the followers of the thread, but the
archives as well.

> For some reason when I plugged in the new firewall, only the base
> non-aliased address was updated in the ISP switch arp cache (if someone
> can throw a guess at why, I'm eager to listen).

Well, you need to know what type of switch they had upstream, and why
they weren't updating their ARP cache dynamically properly. Perhaps
because their cache ttl was too long (due to the type of hardware, or
administrative setting).

I almost have to assume it wasn't a Cisco... only because I would have
expected different behavior (less administrative setting) (this is my
personal experience...I'm not trying to favour a brand in any way).

Perhaps you could ask them to provide the command they issued to
determine how they found the problem. Better yet, ask what type of
device your box is connected to at their end of the VLAN.

If you can find out what device they have at their end, it may almost be
possible to non-destructively, and non-corruptively 'force' them to
clear arp-cache remotely, and at the same time provide advice to the
non-unscrupulous people who may run into this in the future.

I'd be just as interested to know what they had at their end for
hardware, as I have been waiting to hear what your resolution was
throughout your time-consuming troubleshooting...

Steve