ARP load sharing

Showing results for 
Show  only  | Search instead for 
Did you mean: 

ARP load sharing

Not applicable

We are planning to set up HA in Active Active mode.  The boxes sit in separate locations with Layer 2 network between them.  Currently our guest Network site on our second PA-2020 with our LAN on the first.  Wer had to put the guest Network on second box as we had an issue where we was filling the arp table.

When you run Active Active how does arp load sharing work?  Do you get twice the size arp table?  If one firewall went down do and all traffic is hitting one firewall   do you still get twice the arp table?

Hope this makes sense.


L5 Sessionator


Regardless of A/P or A/A high availability. Both the devices should never be configured to handle the load of more than one device. In case one device goes down the other will have to handle the load of both the devices. The table size will not increase with A/A for a single device. Hopefully this makes things more clear.

Please let us know if this helps.

Thank you


A workaround could be to have the switch/routers before/after your cluster of PA's to do the loadsharing instead.

This way each PA is a standalone setup (you can use Panorama to get the same security policies out to the boxes) as described in: (this can of course be aschieved with other components than Arista equipment - as long as your aggregated interfaces uses srcip as loadsharing hash on one end and dstip on the other, that is so the traffic will always takes the same path until that path fails and gets loadbalansed to another path)

The drawback is of course if you have fully utilized both paths and one path fails then you will get packetdrops because there is not enough of bandwidth available between outer and inner router/switches.

Another drawback is because each box is standalone then there is no session sync which gives that when box1 fails and all traffic goes through box2 then the clients who previously had their sessions through box1 will have dropped sessions and must reinitialize (which shouldnt be a problem but there are plenty applications out there who just cannot deal with that their tcp session suddently must reinitialize).

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!