Is there any way to use the proxy arp feature of Vyatta on the virtual IP (using either VRRP or Clustering) rather than directly on the physical interface? Or any workarounds to achieve the same function?
Background; I just finished setting up a "drop-in" Vyatta firewall using two interfaces configured with the same /24 network on both sides using Proxy Arp. The Proxy Arp works great when using a single Vyatta box, but in HA using VRRP and/or Clustering, both boxes answer arp requests with different MAC addresses, resulting in some traffic going through the primary box and some through the standby box.
Also, this might create problems with ARP caching if one of vyatta boxes goes down. If the proxy arp feature could be used with the virtual IP instead, then this potential problem wouldn't exist.
Any ideas? Thanks!
Old thread, I know, but we now have a renewed interest in this particular setup...
Any news here regarding the proxyarp feature in Vyatta, where the proxyarp feature is cluster-aware and only used on the active box in a HA setup? Maybe even using a virtual mac address between the boxes would be sweet.
This may be of interest to you - http://bugzilla.vyatta.com/show_bug.cgi?id=5707 Fix is available in current development branch (i.e. oxnard), so you can build an iso to try it out. Build instructions are available here - http://git.vyatta.com/git/?p=build-iso.git;a=blob;f=README;h=104208943d0dee764430d8dd3e69b1e60695b6e4;hb=refs/heads/oxnard
Or get an un-official compiled iso image here:
http://ftp.het.net/iso/vyatta/
I am normally uploading each weekend 32&64 bit builds.