LVS-DR, Cisco switch, and ARPtables

["Brett Simpson" <simpsonb@xxxxxxxxxxxxxxxxxxxxxx>]

I'm trying to configure a Linux Director for localnode to itself 
(172.27.21.211:8080) and LVS-DR to another Realserver (172.27.21.212:8080). I'm 
handling the ARP problem on 172.27.21.210:8080 (the load balanced IP) by using 
Arptables.

# arptables -L -n
Chain IN (policy ACCEPT)
target     source-ip            destination-ip       source-hw          
destination-hw     hlen   op         hrd        pro
DROP       0.0.0.0/0            172.27.21.210        00/00              00/00   
        any    0000/0000  0000/0000  0000/0000

Chain OUT (policy ACCEPT)
target     source-ip            destination-ip       source-hw          
destination-hw     hlen   op         hrd        pro
DROP       0.0.0.0/0            172.27.21.210        00/00              00/00   
        any    0000/0000  0000/0000  0000/0000

The problem is I can ping 172.27.21.210 from every subnet (all the ones I could 
try) except the 172.27.21.x.

A client (172.27.21.205) shows 172.27.21.210 with an (Incomplete) for the MAC 
address.

If I remove 172.27.21.210 on the Director and add it back, issuing a gratuitis 
ARP, then the client gets the correct MAC address for 172.27.21.210 and is able 
to ping ok. This lasts for about 2 minutes before it gets an incomplete for the 
MAC again and I can't ping it.

Is this an arp caching problem on my Cisco switch?  Should I use something 
other than Arptables to handle the arp problem?

Thanks,
Brett