Hi All
I have the following topology

FW1        FW2
 |          |
R1 -------- R2

R1 and R2 are sending traffic to the VRRP address sitting between FW1 and FW2, where FW2 is the Master.
R1 and R2 are running HSRP and R1 is the Active router.

What I am seeing is that R1 sends traffic as normal through R2 to FW2. However, every 5 minutes the MAC for vlan 10 ages out and all traffic is flooded out of all interfaces, thereby sending traffic to FW1, which is the backup firewall and should never see traffic.

I have read info regarding HSRP and unicast flooding, and the recommendation is that the ARP timer is configured less than the MAC aging timer. I don't think this problem is the same as what I am seeing.

I don't understand why the MAC for the VRRP address is being aged out in the first place. FW2 is sending out a gratuitous ARP with a source of the VRRP MAC every 30 seconds, which is going all the way through to FW1, so R1 should see this and not age out the VRRP MAC?

I used the following command to increase the aging timer for vlan 10, but the MAC is still aged out every 5 minutes:

    mac-address-table aging-time 600 vlan 10

Any advice would be greatly appreciated.
Thanks
Muzammil
Received on Fri May 14 2010 - 10:59:42 ART