Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
NorthernNetGuy
Advisor
Jump to solution

ClusterXL Addressing

I'm having trouble identifying if the ClusterXL ipv4 address in the general properties is supposed to match up a VIP  under network management.

The deployment I'm working on has the clusterXL IPv4 address different from any of the defined VIPs, and as such isn't tied to any interface, so it doesn't respond to pings and such. The self signed certificates reference this address as well, and I'm unsure if that's what's causing problems with Identity collector and agents.

Is this normal, or should the ClusterXL address be the same as one of the VIPs for a defined interface (i.e internal interface vip)?

Thanks

1 Solution

Accepted Solutions
_Val_
Admin
Admin

Okay, I see you issue better now. You are using an IP address for the cluster object that ends with .5. It does not belong to any NIC or VIP. Of course it won't work. Change it to .3

View solution in original post

0 Kudos
7 Replies
_Val_
Admin
Admin

It is a common practice to use the same IP subnet for both physical NIC IPs and VIP. However, you can also use one or more VIPs that belong to some other IP segments.

In such cases you have to make sure the physical machines have static host routes pointing VIP on the member's physical NIC IP address. If you did not do that, you will not be able to ping VIP, and some other networking issues are expected if VIP is being used to connect. 

0 Kudos
NorthernNetGuy
Advisor

We do follow that practice. All our VIPs are in the same subnet as their physical interfaces.

I think it will be easier to show than explain:

The IPv4 under general properties is the IP address used as the  SAN ip address (in the generated self signed certificate in IPSec VPN). This address is not tied to any interface. I'm wondering if it should be changed to the VIP of the related subnet.

0 Kudos
_Val_
Admin
Admin

Okay, I see you issue better now. You are using an IP address for the cluster object that ends with .5. It does not belong to any NIC or VIP. Of course it won't work. Change it to .3

0 Kudos
NorthernNetGuy
Advisor

As this is the Cluster object, should it not be the VIP (.3) and not the .7 that is for one of the physical gateways?

_Val_
Admin
Admin

Yes, my mistake, .3 of course. Use VIP for the cluster object. Use physical IP addresses for representing the cluster members.

0 Kudos
NorthernNetGuy
Advisor

Just an Update. I've changed the addressing to match the VIP, renewed the L2TP certificates related to it, and everything is working smoothly.

_Val_
Admin
Admin

As it should. I am grad you have figured it out

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events