When AR2831A and AR2831B run VRRP on the network, pinging the VRRP virtual address from the WLB server results in packet loss. The ping delay is long. A loop may occur. After ARP check is enabled on the AR2831, the WLB server is unreachable. When only one AR2831 works on the network, this problem does not occur. (See the attachment for the topology.)
Use the following commands on both routers:
acl number 3001
rule 10 permit ip destination 10.203.16.1 0
rule 20 permit ip destination 10.203.16.2 0
rule 30 permit ip destination 10.203.16.3 0
rule 500 deny ip destination 10.203.16.0 0.0.0.127
firewall packet-filter 3001 inbound
undo icmp unreach sendundo icmp redirect send
1、When AR2831A ETH0/0 sends a packet with the destination IP address Cluster IP, destination MAC address 03bf-ac21-2eXX, and TTL 255.
2、Because the packet sent by AR2831B ETH0/0 is a multicast packet, AR2831B ETH0/0 receives the packet. By searching the routing table, AR2831B ETH0/0 deducts one from the TTL (254). AR2831B forwards the TTL (=254) to the WLB server. Meanwhile, the destination MAC address is still 03bf-ac21-2eXX. Because the incoming and outgoing interfaces are the same, AR2831B also sends an ICMP redirect packet to AR2831A.
3、AR2831A ETH0/0 will receive the multicast packet sent from the AR2831B. Also, AR2831A will deduct one from the received TTL (253) and send the TTL (253) to the destination MAC address 03bf-ac21-2eXX as well as send an ICMP redirect packet.4、AR2831B will receive the packet (sent in step 3) and continue to process it (similar to step 2) until TTL is equal to 0. In this case, it seems that a loop occurs. If there are multiple packets, a longer delay or packet loss occurs.