On a Hot Standby Network, Which Packets Are Used by Upstream and Downstream Layer-3 Devices to Learn the MAC Address of a Virtual IP Address?
To forward packets, upstream and downstream Layer-3 devices look up the routing table for the next hop, that is, the virtual IP address of the VRRP group. Then the devices look up the ARP table for the MAC address of the virtual IP address. If no match is found, the devices broadcast an ARP request. Only the active firewall responds to ARP requests.
In the ARP reply, the source MAC address in the Ethernet header is the MAC address of the interface that sends the reply, and the sender MAC address in the reply payload is the virtual MAC address of the VRRP group. Upstream and downstream Layer-3 devices learn the virtual MAC address mapped to the virtual IP address through the ARP reply.
Upstream and downstream use the virtual MAC address as the destination MAC address when sending packets to the firewall.