Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
GARP For Non Ethernet assigned IP addresses - Knowledge Base - Palo Alto Networks

GARP For Non Ethernet assigned IP addresses

24578
Created On 04/10/19 09:25 AM - Last Modified 02/02/21 06:24 AM


Symptom


When HA failover happens, The new active PA sends Gratuitous ARP (GARP) to update L2 and ARP table of neighboring devices. These GARP are for actual dataplane (DP) interface IP address only. For Non-DP interface IPs like loopback IP and NAT addresses, the PA  do not send GARP.
 

Environment


In the case of VM series   with "Use Hypervisor Assigned MAC Addresses" and having Non-DP IP that falls into the interface's subnet, it is recommended to either.

1- Configure Non-DP interface IPs as a secondary IP on DP interfaces
OR
2- Make sure Non-DP interface IPs doesn't fall into DP interface's subnet and use static or dynamic routing on  the neighbor network device

In order to avoid  the risk of packets drop until TTL for ARP cache expired on the neighbor network device after an HA failover 
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 238,684
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLVICA4&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language