Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
MladenAntesevic
Collaborator

R80.40 Cluster-Interfaces down

Jump to solution

Hi,

 We've configured 5600 cluster (HA) and we see 4 bond VLAN subinterfaces are down on both Active and Standby firewall. Besides these four VLAN subinterfaces we have external eth1 interface UP, directly connected bond10 as a sync also UP (these are direct cables between two members) and bond1 as inside also UP.

[Expert@CP1:0]# cphaprob -a if
CCP mode: Manual (Unicast)
Required interfaces: 3
Required secured interfaces: 1

Interface Name:      Status:
eth1                 UP
Mgmt                 Non-Monitored
bond1 (LS)           UP
bond10 (S-LS)        UP
bond4.5 (LS)         DOWN (58713 secs)
bond4.42 (LS)        DOWN (58713 secs)
S - sync, LM - link monitor, HA/LS - bond type
Virtual cluster interfaces: 6
eth1            <public_ip1>
bond1           x.y.4.254
bond4.6         x.y.6.254
bond4.5         x.y.5.254
bond4.42        x.y.42.254
bond4.41        x.y.41.254
 
We have the same output for the second cluster member. We have the same software release on both cluster members:
 
[Expert@CP1:0]# cphaprob release
Release:                R80.40 T294
Kernel build:           994000089
FW1 build:              994000101
FW1 private fixes:      HOTFIX_TEX_ENGINE_R8040_AUTOUPDATE
                        HOTFIX_R80_40_JUMBO_HF_MAIN
ID         SW release
1 (local)  R80.40 T294
2          R80.40 T294
 
bond1 and bond4 interfaces are interconnected over two Cisco Nexus 9300 switches. We double checked the cables and VLAN configuration and everything is fine. One more strange thing that we noticed is that bond interfaces are sending ARPs targeting whole X.Y.5.0/24 subnet, for example:
 
[Expert@CP1:0]# tcpdump -i bond4.5
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond4.5, link-type EN10MB (Ethernet), capture size 262144 bytes
16:23:32.485524 ARP, Request who-has X.Y.5.66 tell X.Y.5.251, length 28
16:23:32.485529 ARP, Request who-has X.Y.5.67 tell X.Y.5.251, length 28
16:23:32.485530 ARP, Request who-has X.Y.5.68 tell X.Y.5.251, length 28
16:23:32.485531 ARP, Request who-has X.Y.5.69 tell X.Y.5.251, length 28
16:23:32.485532 ARP, Request who-has X.Y.5.70 tell X.Y.5.251, length 28
16:23:32.485551 ARP, Request who-has X.Y.5.252 tell X.Y.5.251, length 28
16:23:32.585510 ARP, Request who-has X.Y.5.71 tell X.Y.5.251, length 28
16:23:32.585513 ARP, Request who-has X.Y.5.72 tell X.Y.5.251, length 28
...
 
What could be the reason why is this happening? We are pretty sure that interconnecting switches are properly configured.
 
0 Kudos
7 Replies
This widget could not be displayed.