RE: [FW1] Nokia failover

McMeekin, Scott Tue, 23 May 2000 02:52:24 -0700

        >>6.4.3   Master 

        >>   While in the {Master} state the router functions as the
forwarding 
> >>   router for the IP address(es) associated with the virtual router. 
> 
        >>   While in this state, a VRRP router MUST do the following: 

        >>    - MUST respond to ARP requests for the IP address(es)
associated 
> >>      with the virtual router. 
> 
        >>    - MUST forward packets with a destination link layer MAC
address 
> >>      equal to the virtual router MAC address. 
> 
        >>    - MUST NOT accept packets addressed to the IP address(es)
associated 
> >>      with the virtual router if it is not the IP address owner. 
> 
        >I believe what they are talking about is the MUST NOT line.  In a
VRRP MC config there won't be an IP address owner of the VRRP ip address.
It is purely a virtual IP.

        >Since HSRP is private Cisco can do anything they want with it. 

        Well we're in the realms of academic discussion here, but since it's
pertinent to fw-1 (sort-of), I'll continue. In an MC setup, say you have a
primary and a secondary firewall participating in VRRP across the same
subnet. The primary firewall will effectively "own" or handle all ARP
requests for the virtual IP, it routes all traffic for the VIP, so why can't
it respond to pings? 


> ********************************************* 
> Paul Keser 
> Network Security Engineer 
> [EMAIL PROTECTED] 
> tel:   415.351.4037 
> fax:  415.474.6017 
> 
> ShopExpert.com 
> 1375 Sutter Street, Suite 400 
> San Francisco, CA  94109 
> ********************************************* 
> 


The Royal Bank of Scotland plc is registered in Scotland No 90312. Registered Office: 
36 St Andrew Square, Edinburgh EH2 2YB.

The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal Investment 
Authority.

This e-mail message is confidential and for use by the addressee only.  If the message 
is received by anyone other than the addressee, please return the message to the 
sender by replying to it and then delete the message from your computer.

'Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not 
accept responsibility for changes made to this message after it was sent.'


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] Nokia failover

Reply via email to
