Reply To: Traffic not flowing after IP address move between peers

Telium Support Group

There are several potential causes for this problem, but the most likely is that a switch somewhere between your PBXs and your default gateway is not updating its ARP table. The ARP table associates your IP address with your MAC address, so it’s still trying to send traffic for the shared IP address to the old PBX’s MAC address (which is no longer active).

When sharing an IP you should configure HAAst to issue ‘ARP Updates’ every time the shared IP address moves. This is configured in the haast.conf file in the ‘voipnic’ stanza, with the ‘arpupdate’ key setting (set it to true). Once set to true, HAAst will broadcast to all switches, routers, etc. that the IP address has moved and is now associated with a new MAC address.

This setting solves the problem 99% of the time; however, your switch may be ignoring the update. This might happen for one of several reasons:

  1. Switch Security Lockdown: To prevent malicious ARP attacks some switches have locked ARP tables. This means that the network administrator must allow the switch to accept ARP updates for the IP in question.
  2. Switch Security Limits: Some switches limit the number of ARP updates to X per minute. If you are experimenting with failover you may have reached the security limit of your switch. Again, the network administrator has to allow more frequent ARP updates for that IP/MAC.
  3. Buggy Switch Firmware: Some (particularly old HP or cheap no-name) switches do not handle ARP updates properly. The only solution is to update the switch firmware or look for a new switch.

If you are running HAAst in a cloud/hosting data center, it is common for the data center to lock down ARP tables to prevent malicious/misbehaving clients from affecting their general network. In such cases you will have to notify the data center admin of why you need to permit ARP updates, and possibly for which MAC/IP addresses. Most commercial data centers understand high availability and will have no problem accommodating your request.
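To check from a packet capture whether the ARP updates described in the post above were broadcast, and whether failover testing exceeded a per-minute limit, the following added example (not part of the original post and not HAAst code) parses raw Ethernet frames and tracks which MAC address claims the shared IP. The IP address, MAC addresses, the limit of 3 per minute and all function names are constructed assumptions.

```python
import struct
from collections import defaultdict

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), ".".join(map(str, spa)), ".".join(map(str, tpa))

def audit(frames, shared_ip, per_minute_limit):
    """frames: iterable of (seconds, raw_frame). Track ARP updates for shared_ip."""
    owner, moves, per_minute = None, [], defaultdict(int)
    for ts, raw in frames:
        arp = parse_arp(raw)
        # An ARP update (gratuitous ARP) carries the same IP as sender and target.
        if arp is None or arp[2] != shared_ip or arp[3] != shared_ip:
            continue
        mac = arp[1]
        per_minute[int(ts // 60)] += 1
        if owner is not None and mac != owner:
            moves.append((ts, owner, mac))      # the shared IP changed MAC address
        owner = mac
    over = sorted(m for m, n in per_minute.items() if n > per_minute_limit)
    return {"owner": owner, "moves": moves, "minutes_over_limit": over}

def constructed_update(mac, ip):
    """Build the bytes of a sample ARP update for the demo input (nothing is sent)."""
    m = bytes.fromhex(mac.replace(":", ""))
    a = bytes(map(int, ip.split(".")))
    header = b"\xff" * 6 + m + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return header + m + a + b"\x00" * 6 + a

# Constructed sample values: documentation IP, locally administered MACs, assumed limit.
SHARED_IP, PBX_A, PBX_B, LIMIT = "192.0.2.10", "02:00:00:00:00:0a", "02:00:00:00:00:0b", 3
SAMPLE = [(0, constructed_update(PBX_A, SHARED_IP)),
          (65, constructed_update(PBX_B, SHARED_IP)),
          (70, constructed_update(PBX_A, SHARED_IP)),
          (75, constructed_update(PBX_B, SHARED_IP)),
          (80, constructed_update(PBX_A, SHARED_IP))]

if __name__ == "__main__":
    print(audit(SAMPLE, SHARED_IP, LIMIT))
```

If the capture taken on the gateway side of the switch shows no update for the shared IP after a failover, the update is being dropped before it gets there; a minute listed in `minutes_over_limit` points at the rate limit case instead.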