In a Layer 3 interface deployment with active/active HA configuration, when should ARP load-sharing be used?

When considering the use of ARP load-sharing in a Layer 3 interface deployment with an active/active high availability (HA) configuration, it is essential to focus on the network architecture involving firewalls and end hosts. ARP load-sharing should be implemented when there is no Layer 3 device between the firewall and end hosts. In this scenario, the end hosts communicate directly with the firewalls without any intermediary devices that might manage or influence address resolution.

The absence of a Layer 3 device facilitates the direct handling of ARP requests by the end hosts, allowing them to discover and use both firewalls as gateways. This enables effective load-sharing of outbound traffic across the active connections established through both firewalls. Since the end hosts are aware of both firewalls as their gateways through ARP, they can alternate their requests between them, achieving better distribution of traffic and redundancy.

In situations where there is a Layer 3 device between the firewall and end hosts, this device may respond to ARP requests and could potentially interfere with the load-sharing process, thus limiting the effectiveness of the setup. Likewise, if end hosts do not recognize the firewall or require multiple gateways, those conditions do not specifically leverage the advantages of ARP load-sharing as described in the