topic Re: VSX - cphaprob -a if show different Required interface on different member cluster in Firewall and Security Management

VSX - cphaprob -a if show different Required interface on different member cluster

Supporto_Checkp — Mon, 10 May 2021 09:33:35 GMT

Hi

we have a vsx clusterXL ,

atm the status is "active/down"

node 1 show MORE interfaces than normal using cphaprob -a if
we have 31 interface ,and this value is correct on noode 2 ,down ATM.

Node 1 report 47 Required interface. it's strange.

All the interfaces are up ,

We can reach every next-hop

NODE1 : active

[Expert@MI-DM-VSX1AOFE1:7]# cphaprob -i list

Built-in Devices:

Device Name: Interface Active Check
Current state: problem (non-blocking)

NODE 2 : DOWN

[Expert@MI-DM-VSX1AOFE2:7]# cphaprob -i list

There are no pnotes in problem state

* Issue 'cphaprob -l list' to show full list of pnotes

NODE 1 : Active

vsid 7:
------
Required interfaces: 9***
Required secured interfaces: 1

bond0 UP sync(secured), broadcast, bond Load Sharing

Virtual cluster interfaces: 6

eth1-02.156 100.97.12.225
eth1-02.1156 100.97.112.225
eth1-02.1106 100.97.110.81
eth1-01.206 100.97.20.81
eth1-03.306 100.97.30.81
eth1-02.106 100.97.10.81

NODE 2 : DOWN

vsid 7:
------
Required interfaces: 1
Required secured interfaces: 1

bond0 UP sync(secured), broadcast, bond Load Sharing

Virtual cluster interfaces: 6

eth1-02.156 100.97.12.225
eth1-02.1156 100.97.112.225
eth1-02.1106 100.97.110.81
eth1-01.206 100.97.20.81
eth1-03.306 100.97.30.81
eth1-02.106 100.97.10.81

[Expert@MI-DM-VSX1AOFE1:7]# cphaprob state

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 10.255.255.77 100% Active Attention
2 10.255.255.78 0% Down

IT's strange because node 2 report the CORRECT number of interfaces ,but probably is down because node 1 "force" to see more interfaces.

Any suggestion ?

they are R77,30 with latest jumbo ;

don't suggest to udpate them : we tried to udpate to 80.40 ( with cpuse and update ,and with fresh install + vsx reconfigure but after the update all the vfw lost every ROUTE so we needed to rollback )

thx

NODE 2 : down

Re: VSX - cphaprob -a if show different Required interface on different member cluster

Martin_Stolz — Mon, 10 May 2021 10:05:36 GMT

First, I would compare the
fw ctl get int fwha_monitor_all_vlan
fw ctl get int fwha_monitor_specific_vlan
fw ctl get int fwha_monitor_low_high_vlans
and
$FWDIR/boot/modules/fwkern.conf
and
$FWDIR/conf/cpha_specific_vlan_data.conf (per VS)
of both cluster members.

Maybe there is a mismatch?

Re: VSX - cphaprob -a if show different Required interface on different member cluster

Supporto_Checkp — Mon, 10 May 2021 12:55:20 GMT

Hi

everything seems fine

[Expert@MI-DM-VSX1AOFE1:0]# cat /var/opt/fw.boot/modules/fwkern.conf
fwha_active_standby_bridge_mode=1
fwha_monitor_if_link_state=1
fwha_mac_magic=130
fwha_mac_forward_magic=129
fwha_add_vsid_to_ccp_mac=1
[Expert@MI-DM-VSX1AOFE1:0]# fw ctl get int fwha_monitor_all_vlan
fwha_monitor_all_vlan = 0
[Expert@MI-DM-VSX1AOFE1:0]# fw ctl get int fwha_monitor_specific_vlan
fwha_monitor_specific_vlan = 0
[Expert@MI-DM-VSX1AOFE1:0]# fw ctl get int fwha_monitor_low_high_vlans
fwha_monitor_low_high_vlans = 1
[Expert@MI-DM-VSX1AOFE1:0]# cat $FWDIR/boot/modules/fwkern.conf
fwha_active_standby_bridge_mode=1
fwha_monitor_if_link_state=1
fwha_mac_magic=130
fwha_mac_forward_magic=129
fwha_add_vsid_to_ccp_mac=1
[Expert@MI-DM-VSX1AOFE1:0]#

[Expert@MI-DM-VSX1AOFE2:0]# cat /var/opt/fw.boot/modules/fwkern.conf
fwha_active_standby_bridge_mode=1
fwha_monitor_if_link_state=1
fwha_mac_magic=130
fwha_mac_forward_magic=129
fwha_add_vsid_to_ccp_mac=1
[Expert@MI-DM-VSX1AOFE2:0]# fw ctl get int fwha_monitor_all_vlan
fwha_monitor_all_vlan = 0
[Expert@MI-DM-VSX1AOFE2:0]# fw ctl get int fwha_monitor_specific_vlan
fwha_monitor_specific_vlan = 0
[Expert@MI-DM-VSX1AOFE2:0]# fw ctl get int fwha_monitor_low_high_vlans
fwha_monitor_low_high_vlans = 1
[Expert@MI-DM-VSX1AOFE2:0]# cat $FWDIR/boot/modules/fwkern.conf
fwha_active_standby_bridge_mode=1
fwha_monitor_if_link_state=1
fwha_mac_magic=130
fwha_mac_forward_magic=129
fwha_add_vsid_to_ccp_mac=1
[Expert@MI-DM-VSX1AOFE2:0]#

$FWDIR/conf/cpha_specific_vlan_data.conf exists only in vs0 and it's empty,all lines commented

Re: VSX - cphaprob -a if show different Required interface on different member cluster

ycapps — Wed, 21 Dec 2022 14:29:15 GMT

Did you figure it out? Seems like we are having the exact problem,

Re: VSX - cphaprob -a if show different Required interface on different member cluster

ftangen — Fri, 22 Sep 2023 20:12:43 GMT

Me to - we are having simmilar issues

Re: VSX - cphaprob -a if show different Required interface on different member cluster

Chris_Atkinson — Sun, 24 Sep 2023 00:42:54 GMT

Does the issue persists following a reboot?

In the GAiA configuration for each member how many interfaces have 'state on' set?

With reference to sk94545 what is the status of your bonds and the relevant config file(s)?