Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

After failover from A to B,the traffic is not flowing to B

Santhosh0991
Nimbostratus
Nimbostratus

‎14-Jun-2021 11:16

Even after the failover from A to B is fine, the traffic doesn't flow through B, I have checked for both traffic groups where masquerade is enabled and other is not, same behaviour

Labels:
0 Kudos
5 REPLIES 5

AlexBCT
MVP
MVP

‎15-Jun-2021 06:06

Hi,

 

It could be caused by a number of different things, here are a couple of tips that can hopefully help you isolate the problem;

 

  • In the B box, do you have any entries in the TMOS arp table? (i.e. can the box see its neighbours? - "tmsh show net arp")
  • Can you reach box A over different interfaces? (e.g. internal / external / ha) this again to confirm that box B does have network access.
  • Can you reach the gateway from box B and can the gateway reach you?
  • Have the same routes been configured in box A as in box B? (in CLI; "route -n" and "tmsh show net route")
  • Have any of the self IP's been accidentally configured on "traffic-group-local-only", rather than the floating traffic group?
  • Are any of the virtual servers using the IP address of any non-floating IP's?
  • If traffic is coming in, but not going back out, check the routing on your backend servers and/or SNAT configuration.

 

These are just some ideas from the top of my head. Hope there is something useful in here.. 😉

0 Kudos

Santhosh0991
Nimbostratus
Nimbostratus

‎15-Jun-2021 07:04

Hello Alex BCT, thanks for your suggestions, but all the scenarios are there configured , but still we faced the issue

0 Kudos

AlexBCT
MVP
MVP
In response to Santhosh0991

‎15-Jun-2021 07:17

Hmm, interesting! Though I very much doubt you'd agree with me... 😉

 

What platform are you running on? Is it hardware or VM's? If you are running VM's on VMware, you can check the security settings; https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-891147DD-3E2E-45A1-9B50-7717C3443DD7.html -

Doing a failover especially with MAC masquerading enabled can cause trouble because VMware stops sending traffic to the vSwitch port as it thinks that someone is either hijacking the MAC address or jumping between MAC addresses. - Temporary disabling these security features can help you troubleshoot this.

 

If hardware devices, have a look at the physical interface configuration and the switch configuration to make sure those are fine.

 

If no luck, if you do a tcpdump on the B device, do you see traffic coming in at all? Any ARP requests? And when you ping the B device from the gateway, does the gateway get the MAC address from the B device / traffic group?

 

0 Kudos

Santhosh0991
Nimbostratus
Nimbostratus

‎15-Jun-2021 07:39

its a vcmp guest running on a vipriion 2200/2400 platform- we have masquerdaes MAC and non Masqurade MACs as well, both caused issues

FYI, physical interaces was OK,

also i noticed, STATS were present on the VIPS at B side, but apps werent accessbile, so i suspect something was going to A side as well?

0 Kudos

AlexBCT
MVP
MVP
In response to Santhosh0991

‎15-Jun-2021 08:17

Ah, good to know 😉 Sounds like it is a bit more complex environment than initially thought. I'd recommend raising a support ticket and go through a structured troubleshooting process to get to the bottom of it.

0 Kudos
Copyright © 2023 Khoros, LLC