Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Stephen_Moreau
Participant
Jump to solution

Odd cphaprob output

Having an unusual issue with a cluster firewall interface. Firewall was rebooted and post reboot one side of the sync interface is showing an issue where the inbound is up but the outbound is down. The other side is UP & UP.

fw1-cxl1:0]# cphaprob -a if

Required interfaces: 7
Required secured interfaces: 1

eth7 Inbound: UP Outbound: DOWN (6062.3 secs) sync(secured), multicast
eth5 UP non sync(non secured), multicast (eth5.71 )
bond2 UP non sync(non secured), multicast, bond Load Sharing (bond2.32 )
bond0 UP non sync(non secured), multicast, bond Load Sharing (bond0.17 )
bond1 UP non sync(non secured), multicast, bond Load Sharing (bond1.80 )
bond0 UP non sync(non secured), multicast, bond Load Sharing (bond0.245 )
eth5 UP non sync(non secured), multicast (eth5.246 )

Any obvious (to you!) ideas what might cause this before I roll up my sleeves?

TIA

0 Kudos
1 Solution

Accepted Solutions
Stephen_Moreau
Participant

Just to close the circle on this. My issue turned out to be a problem with mis-matching count of CoreXL instances on both nodes. Visible under cpview 'SysInfo'. Once I matched the number of instances by changing the config in cpconfig and rebooting, the previous stable status was restored.

Why it stopped using the sync interface IP addresses while the mismatch occurred is unknown.

View solution in original post

0 Kudos
4 Replies
Timothy_Hall
Legend Legend
Legend

What is the physical setup of the sync interface?  Just an Ethernet cable or connected through a switch?

 

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
Daniel_Schlifka
Contributor

igmp snooping on switch side could be a cause too.
you can verify that by setting the cluster to unicast or broadcast for testing purpose.
See sk20576.

0 Kudos
Stephen_Moreau
Participant

Just to close the circle on this. My issue turned out to be a problem with mis-matching count of CoreXL instances on both nodes. Visible under cpview 'SysInfo'. Once I matched the number of instances by changing the config in cpconfig and rebooting, the previous stable status was restored.

Why it stopped using the sync interface IP addresses while the mismatch occurred is unknown.

0 Kudos
Stephen_Moreau
Participant
Connected via a switch by the bye, but not germane to the issue in this case as the interfaces were not down, except for CP HA.
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events