topic Re: Maestro: Routes gone after a Management interface change in Hyperscale Firewall (Maestro)

Maestro: Routes gone after a Management interface change

blito — Mon, 12 Jun 2023 04:14:14 GMT

Hi team,

I have changed the management bond primary from one interface to another as trying to fix another issue that I'm working with TAC.

Basically I have changed on the SMO via gclish

from

set bonding group 0 primary eth2-Mgmt1

set bonding group 0 primary eth1-Mgmt1

Which seems that has solved my original issue but caused another one.

Basically all my VSX routing table including my default route has dissapeared from the routing table. The configuration is still there.

# ip route

10.xx.255.0/24 dev magg0 proto 7 scope link

192.0.2.0/24 dev Sync proto kernel scope link src 192.0.2.1

198.51.101.0/25 dev eth1-CIN proto kernel scope link src 198.51.101.1

198.51.101.128/25 dev eth2-CIN proto kernel scope link src 198.51.101.201

Where my gclish configuration has a bunch of routes

set static-route default nexthop gateway address 10.xx.255.15 on

set static-route 10.xy.64.0/24 nexthop gateway address 10.xx.255.1 on

set static-route 10.xy.255.0/24 nexthop gateway address 10.xx.255.1 on

set static-route 10.xx.64.0/24 nexthop gateway address 10.xx.255.15 on

set static-route 10.xx.255.0/24 nexthop gateway logical magg0 on

set static-route 10.xx.255.0/24 scopelocal on

I tried to using fw -d fetch local

And because I dont have a route to the manager, I cannot manage it from the Manager and cannot push policy to restore the routes from there.

I'm running R81.10 Take 95.

MHO is MHO-140 (2 units)

and the GWs are 6200 (2 units)

Re: Maestro: Routes gone after a Management interface change

Dario_Perez — Mon, 12 Jun 2023 13:29:16 GMT

if is VSX did you ran

set vsx off?

also are you checking on right VS?

10.xx.255.0/24 dev magg0 proto 7 scope link

192.0.2.0/24 dev Sync proto kernel scope link src 192.0.2.1

198.51.101.0/25 dev eth1-CIN proto kernel scope link src 198.51.101.1

198.51.101.128/25 dev eth2-CIN proto kernel scope link src 198.51.101.201

seems to be routes for VS0

and

set static-route default nexthop gateway address 10.xx.255.15 on

set static-route 10.xy.64.0/24 nexthop gateway address 10.xx.255.1 on

set static-route 10.xy.255.0/24 nexthop gateway address 10.xx.255.1 on

set static-route 10.xx.64.0/24 nexthop gateway address 10.xx.255.15 on

set static-route 10.xx.255.0/24 nexthop gateway logical magg0 on

set static-route 10.xx.255.0/24 scopelocal on

seems as route per vs

also you can't add routes on VSX you can just have default routes, the others routes have to be configured at Smartconsole and you can compared using vsx_util view_vs_conf

Re: Maestro: Routes gone after a Management interface change

blito — Mon, 12 Jun 2023 21:54:19 GMT

Thanks Dario.

I have not tried that.

TAC has come back and basically the only solution is to reboot or cpstop/cpstart so it will pick up from the configuration.

Although I have found a workaround yesterday which is basically add the needed routes at the OS level. Interesting enough the routes need to match whatever is in the configuration or they dont get added.

Re: Maestro: Routes gone after a Management interface change

blito — Mon, 12 Jun 2023 22:01:28 GMT

TAC has come back and basically the only solution is to reboot or cpstop/cpstart so it will pick up from the configuration.

However I have found the following workaround, which can be used to restore management.

Since they do exist in global routing table and in file routed0.conf we can add them manually using ip route add

route add default gw 10.xx.255.15 magg0

ip route add 10.xy.255.0/24 via 10.xx.255.1 dev magg0

etc.

As I mentioned this is a workaround. I didnt add all the routes listes on routed0.conf on purpose so I could check if pushisng policy will restore them all however this didnt work.

To fix permanently a reboot at this stage is the only permanent solution.