14-Jun-2021 11:16
Even after the failover from A to B is fine, the traffic doesn't flow through B, I have checked for both traffic groups where masquerade is enabled and other is not, same behaviour
15-Jun-2021 06:06
Hi,
It could be caused by a number of different things, here are a couple of tips that can hopefully help you isolate the problem;
These are just some ideas from the top of my head. Hope there is something useful in here.. 😉
15-Jun-2021 07:04
Hello Alex BCT, thanks for your suggestions, but all the scenarios are there configured , but still we faced the issue
15-Jun-2021 07:17
Hmm, interesting! Though I very much doubt you'd agree with me... 😉
What platform are you running on? Is it hardware or VM's? If you are running VM's on VMware, you can check the security settings; https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-891147DD-3E2E-45A1-9B50-7717C3443DD7.html -
Doing a failover especially with MAC masquerading enabled can cause trouble because VMware stops sending traffic to the vSwitch port as it thinks that someone is either hijacking the MAC address or jumping between MAC addresses. - Temporary disabling these security features can help you troubleshoot this.
If hardware devices, have a look at the physical interface configuration and the switch configuration to make sure those are fine.
If no luck, if you do a tcpdump on the B device, do you see traffic coming in at all? Any ARP requests? And when you ping the B device from the gateway, does the gateway get the MAC address from the B device / traffic group?
15-Jun-2021 07:39
its a vcmp guest running on a vipriion 2200/2400 platform- we have masquerdaes MAC and non Masqurade MACs as well, both caused issues
FYI, physical interaces was OK,
also i noticed, STATS were present on the VIPS at B side, but apps werent accessbile, so i suspect something was going to A side as well?
15-Jun-2021 08:17
Ah, good to know 😉 Sounds like it is a bit more complex environment than initially thought. I'd recommend raising a support ticket and go through a structured troubleshooting process to get to the bottom of it.