Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Behavior of ASIC ARP entry creation and deletion

0

0

Article ID: KB26309 KB Last Updated: 23 Nov 2012Version: 1.0
Summary:
This article describes the behavior of ASIC ARP entry creation and deletion and how they work together with the software ARP entry.  This article is applicable to all products with ASIC hardware.
Symptoms:
The behavior of ASIC ARP entry creation and deletion and how they work together with the software ARP entry.
Cause:

Solution:
Software ARP entry and session creation:

When ISG receives the first packet, ISG will first try to create a software session. During this step, ISG will look up the software ARP table to confirm the software ARP entry of the outgoing interface. If a corresponding ARP entry does not exist, the ARP request will be sent out.
<get arp>
always-on-dest: disabled
-----------------------------------------------------
IP Mac VR/Interface State Age Retry PakQue Sess_cnt
-----------------------------------------------------
150.1.1.3 0090ccc4cbc1 trust-vr/eth1/1 VLD 932 0 0 1
200.1.1.2 0010dbbc6087 trust-vr/eth1/2 VLD 349 0 0 1

<get session>
alloc 1/max 524288, alloc failed 0, mcast alloc 0, di alloc failed 0
total reserved 0, free sessions in shared pool 524287
slot 2: hw0 alloc 1/max 524287id 524282/s0*,vsys 0,flag 08200400/0000/0003/0000,policy 1,time 180, dip 2 module 0
if 7(nspflag 800001):150.1.1.3/1530->200.1.1.2/23,6,0090ccc4cbc1,sess token 3,vlan 0,tun 0,vsd 0,route 9,wsf 0
if 8(nspflag 10800000):200.1.1.1/42200<-200.1.1.2/23,6,0010dbbc6087,sess token 4,vlan 0,tun 0,vsd 0,route 7,wsf 0
Hardware ARP entry and session creation

When a new software ARP entry is added, ISG will try to add a new ASIC ARP entry. ISG will add the new ARP entry to the head of the hash list. When ISG tries to find
an ASIC ARP entry for the creation of the hardware session, ISG will begin from the head of the hash list; so ISG will find the latest added entry.

Note: ISG will delete old ASIC ARP entries with the same (IP + interface), before adding a new ASIC entry with the latest 5.4, 6.2, and 6.3 versions.
<get arp asic 0>
Arp entries on ASIC chip(s)
L2idx IP Dst_Mac Interface Src_Mac Vlan Sat Flag Ref_cnt
5 150.1.1.3 0090ccc4cbc1 eth1/1 0010dbb6cb87 0 0 0x2 0;
4 200.1.1.2 0010dbbc6087 eth1/2 0010dbb6cb88 0 0 0x2 0;
Then, ISG will try to create a corresponding hardware session. During this step, ISG will look up the ASIC ARP table and store the IDx of the ASIC ARP entry in the hardware session.

<get session hardware>
Chip 0 on slot 2 hardware sessions:
Max sessions: 524287, used: 1, free: 524286
chip 0,slot 2,idx 1,flag 0x40,diff (0/0),pid 1,time (3662/180/180),ssid 524282
7(1):150.1.1.3/1530->200.1.1.2/23,6,token:3,l2:(b:1:4),vl:0,sa:0,vsd:0,L2 xl:1
bcnt:1670, vect:0, fin_seq:0x3D9050CA, fst:0, flag:1,wsf 0
8(1):200.1.1.1/42200<-200.1.1.2/23,6,token:4,l2:(b:0:5),vl:0,sa:0,vsd:0,L2 xl:1
bcnt:2138, vect:0, fin_seq:0x90E9FFC8, fst:0, flag:1,wsf 0
hw sess:0x88000100, ext hw sess:0x88000180, cnt:898
shadow sess:0x04f24358, hash:00253d65, hash1:003fe134, shadow flag:0x10
nat_flag:0x40, next id:00000000(0), next id1:00000000(0), prev id:00000000(0), prev id1:00000000(0)
twin 0x0, forw1 0x0, forw2 0x0, sw sess:0x191164b0, policy 0xa4940c0

Once the hardware session is established, ISG will not check either software arp table or
ASIC arp table unless arp is change or timeout.
ARP entry and session deletion:

When deleting an ARP entry from both the software and hardware ARP table, the entry is deleted as per the following procedure:

  1. Mark the software ARP entry in the DEL status.

  2. Delete the corresponding hardware ARP entry.

    Note: ISG will delete all ASIC ARP entries with the same (IP + interface) with the latest 5.4, 6.2, and 6.3 versions.

  3. The software session is updated, if the reference count of this ARP entry is not zero.

  4. When the software ARP entry’s reference count becomes zero, the software ARP entry is deleted.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search