What is GARP and why is it sent during an HA failover?

Created On 01/29/23 18:35 PM - Last Modified 07/18/23 03:01 AM


Question


What is GARP and why is it sent during an HA failover?

Environment


  • Palo Alto Firewalls
  • PAN-OS 9.1, 10.1, 10.2
  • High Availability (HA) Active/Passive.
  • GARP (Gratuitous ARP)


Answer


  1. Gratuitous ARP (GARP) is used to update the ARP tables of the hosts in a broadcast domain when the sender's IP address or MAC address changes. GARP is also used to detect IP conflicts and during HA failovers.
  2. During the failover, the GARP transmitted from the active firewall to the passive firewall can be seen in pan_dha.log on the active firewall and in routed.log on the peer device.
  • pan_dha.log (less dpx-log pan_dha.log)
+0200 Send gratuitous ARP for virtual address (IP 134.184.119.238 MAC b4:0c:15:e0:30:15) on interface ae6.2544
  • routed.log (less mp-log routed.log) on the new active device, to see whether it detects an HA status event change.
+0200 Received dp HA status 'sw.dha.status' event change
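
One way to check an exported pan_dha.log after a failover, as an added example that is not part of the original article or Palo Alto Networks tooling: it extracts every "Send gratuitous ARP" entry and reports expected virtual addresses that were never announced, plus addresses announced with more than one MAC. The function names, the expected-address set and all sample lines except the first are assumptions constructed for illustration; the timestamp prefix is ignored because the article shows it only partially.

```python
import re
from collections import defaultdict

# Matches the message body shown in the pan_dha.log entry above.
# The timestamp prefix is deliberately not parsed (assumption: format unknown).
GARP_RE = re.compile(
    r"Send gratuitous ARP for virtual address "
    r"\(IP (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"MAC (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\) "
    r"on interface (?P<ifname>\S+)"
)

def parse_garp_events(lines):
    """Return one (ip, mac, interface) tuple per GARP log line."""
    events = []
    for line in lines:
        m = GARP_RE.search(line)
        if m:
            events.append((m["ip"], m["mac"].lower(), m["ifname"]))
    return events

def audit_failover(lines, expected_ips):
    """Return (missing, conflicts) for a set of expected virtual addresses.

    missing   - expected IPs for which no GARP was logged
    conflicts - {ip: [macs]} for IPs announced with more than one MAC
    """
    macs = defaultdict(set)
    for ip, mac, _ifname in parse_garp_events(lines):
        macs[ip].add(mac)
    missing = sorted(ip for ip in expected_ips if ip not in macs)
    conflicts = {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}
    return missing, conflicts

# Constructed sample: the first line is the one quoted in the article; the
# others are made up, using documentation addresses from 192.0.2.0/24.
SAMPLE_LOG = [
    "+0200 Send gratuitous ARP for virtual address (IP 134.184.119.238 MAC b4:0c:15:e0:30:15) on interface ae6.2544",
    "+0200 Send gratuitous ARP for virtual address (IP 192.0.2.1 MAC b4:0c:15:e0:30:16) on interface ae6.100",
    "+0200 Send gratuitous ARP for virtual address (IP 192.0.2.1 MAC B4:0C:15:E0:30:17) on interface ae6.100",
    "+0200 Received dp HA status 'sw.dha.status' event change",
]
EXPECTED_IPS = {"134.184.119.238", "192.0.2.1", "192.0.2.254"}  # hypothetical inventory

if __name__ == "__main__":
    missing, conflicts = audit_failover(SAMPLE_LOG, EXPECTED_IPS)
    print("no GARP logged for:", missing)
    print("announced with several MACs:", conflicts)
```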

