01-11-2014 12:44 PM
Hi All
I'm just wondering, if I'm using layer-3 sub-interfaces in active/active mode, is it possible to create ARP load-sharing for each sub-interface on both PA.
by EX: sub-interface 1.102 with IP address 192.168.102.2 on PA-1 and 192.168.102.3 on PA-2 ARP IP 192.168.102.1
sub-interface 1.110 with IP address 192.168.110.2 on PA-1 and 192.168.110.3 on PA-2 ARP IP 192.168.110.1
is that possible?
Regards,
Maher
01-11-2014 08:59 PM
Hello Mehar,
ARP load sharing is only really effective with directly connected clients over L2. The basic recommendations are given below,
a. HA cluster is not deployed in a layer 3 sandwich
b. No layer 3 separation between the hosts in the LAN and HA cluster. Since the HASH of the MAC address in the ARP request is used to for load sharing, a layer3 device between the hosts and cluster will defeat this purpose, because the HA c. The cluster will only see the MAC address of the router.
If your clients are connected through those sub-interfaces within the same L-2 networks, then as per my understanding it should work. But, I never tried this
.
Thanks
01-12-2014 05:55 PM
Yes, arp load sharing configuration is possible in Active/Active clusters. See DOC-2541 on page 18 and following for the configuration example. This was released for PanOS 4. I can't find an updated version, but this should still work as designed with the newer releases.
Configuring Active/Active HA PAN-OS 4.0
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
