01-15-2016 08:23 AM
Does anybody know what happens if the limit is reached on the return-mac table?
We have multiple ISPs and can host services on each if we use a PBF rule using symmetric return. However, there is a limit and I can't find any information about what happens when the limit is reached.
The admin guide just says:
To determine the next hop for symmetric returns, the firewall uses an Address Resolution Protocol
(ARP) table. The maximum number of entries that this ARP table supports is limited by the firewall
model and the value is not user configurable. To determine the limit for your model, use the CLI
command: show pbf return-mac all.
01-18-2016 12:54 AM
Hi
Once the MAC table is full, no new MAC addresses can be resolved until space becomes available for new entries. Any sessions needing a MAC to get resolved for the symmetric return would get dropped due to the inability to resolve the MAC of the destination IP.
Hope this helps.
Tom