Forum Discussion

mfkk531_168091's avatar
mfkk531_168091
Icon for Nimbostratus rankNimbostratus
May 03, 2018

Config-Sync Disconnected, Devices can ping each other briefly during a shutdown/reboot.

I'm having a strange issue -

 

 

HA pair bigip01 and bigip02 - These devices cannot ping each others' cfg-sync IPs. However when i reboot either one of those while running a continuous ping, it works for about 30-45seconds while the device is trying to come up (at the end of the reboot).

 

Thoughts?

 

application delivery
BIG-IP
LTM
  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    May 03, 2018

    Hello,

     

    Can you confirm the following point:

     

    You use a dedicated vlan for HA.

     

    Port lockdown of your HA self IP is set to "Allow all" or "Allow Default"

     

    Packet filter is disable.

     

    Last point is Virtual edition or hardware device?

     

    Regards

     

  • mfkk531_168091's avatar
    mfkk531_168091
    Icon for Nimbostratus rankNimbostratus
    May 03, 2018

    Yes I use a dedicated vlan

     

    Yes it’s allow all

     

    Packet filter - Where do I check this ?

     

    It’s a vcmp guest with bigip01 on host1 and bigip02 on host 2

     

    We have 5 guests and problem is seen only on 1 guest. All guests use the same trunk which has interface from each blade connected directly.

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    May 03, 2018

    Hello,

     

    Did you try to reach the other Guest trough HA VlAN (I suppose that other Guest use the same vlan for HA?)

     

    I just would to target the deffective device.

     

    from bigip01 try to ping another Guest hosted on Host2.

     

    from bigip02 try to ping another Guest hosted on Host1.

     

    Regards

     

  • mfkk531_168091's avatar
    mfkk531_168091
    Icon for Nimbostratus rankNimbostratus
    May 03, 2018

    We use separate vlans for each guest pair. All the vlans however are tagged to the same trunk

     

  • youssef1's avatar
    youssef1
    Icon for Cumulonimbus rankCumulonimbus
    May 03, 2018

    you can do a simple test without impact. Add your deffective HA vlan to another Guest an create a self IP on this other Guest and try to reach IT from deffective device.

     

    from bigip01 try to ping another Guest hosted on Host2 (after creating a self ip).

     

    from bigip02 try to ping another Guest hosted on Host1 (after creating a self ip).

     

    this will also allow us to validate that the VLAN is well propagated network side. And check if all your guest can't reach this vlan or just the 2 in questions...

     

  • RaghavendraSY's avatar
    RaghavendraSY
    Icon for Altostratus rankAltostratus
    May 03, 2018

    Hi,

     

    You are able to do a telnet on port 443 for sync IP's from active to standby and vice versa?

     

    Try with different VLAN for Synchronization and see whether it works?

     

  • AtulAnand's avatar
    AtulAnand
    Icon for Altostratus rankAltostratus
    Aug 01, 2019

    We have same issue on 7th pair between 2 vCMP guests.

    There are 8 on each chassis, issue on single pair.

     

    Reloaded both devices and tried to force sync both pair.

     

    Also, This is intermittent. Earlier a crypto db value was asked to be set to 0 for same issue on another pair on another chassis for a known BIG-ID affecting it.

     

    This device has db crypto value 0 already ... Running on 12.1.4

     

    We also see a ssl_shim_vfycerterr