Hi NiHo,
Situation with MAC Masquerading
Every floating Self IP in the cluster has the same MAC address. Not sure about the vIPs. During failover, the switches need not learn a new MAC address but just learn it's now available on a new switch. (in our case, L3 switches with OSPF)
This is not totally correct. The individual floating IPs in a cluster can still have different MACs, since its not the cluster that sticks to the Masquerade-MAC. Its more or less just a given Traffic-Group and each of its ressources (floatings, VIPs, etc.) that uses this Masquerade-MAC for network communications. And each traffic-group on a cluster can have a unique Masquerade-MAC setting which will then become inheriteted to the attached ressources...
So how do vIPs fit in the mac masquerade story? And how do switches learn the vIPs/floating Self IPs are now on this port without gARPs? The DevCentral articles do not discuss this in great detail.
The Masquerade-MAC feature still uses gARPs, but in this case the gARP is only required to overwrite Layer2 CAM-tables of the connected switches (this will cause a one-time Port-Flap during failover events) but without the need to overwrite the MAC-tables of each HOST within the broadcast domain (the ARP entry remains the same after the failover).
In the end the Masquerade-MAC feature makes failover much less error prone (e.g. paket loss / collisions), since a single successful gARP regarless for which VIP, Floating, etc. would be enought to inform the entire network that a failover has been occoured. Without Masquerade-MAC each single VIP, Floating, etc. MUST be gARP anounced and each directly connected HOST much receive and update their own MAC-table.
Buttomline: Always use the Masquerade-MAC feature. It makes the stuff much more robust and future device migrations much easier... ;-)
Cheers, Kai
Cirrostratus
