Alan_Camelo1
Contributor

Strange Anti-spoof messages on Cluster IP Address

I have a weird issue where if I ping a server, e.g. 10.9.8.7/27, it does not respond, but if I ping 10.9.8.6/27 it does work. This is via a static route to say 10.5.5.5/29, which is directly connected to interface bond1.123 on the firewall. Cluster address 10.5.5.1/29.

Upon checking logs it shows Cluster member IP address spoofing only from 10.9.8.7, not 10.9.8.6. The network 10.9.8.0/27 is specifically in the group to allow traffic in the anti-spoof group for interface bond1.123.

Has anyone ever seen this before? When I do a cpstop it works! All very strange.

Thanks in advance

4 Replies
Danny
Champion

We have a tool in our ToolBox that might be of help: SmartConsole Extension to show the calculated interface topology of a gateway

Alan_Camelo1
Contributor

Thanks Danny, but I don't think that would help as the spoofing groups all look correct in the topology. 

I'll give it a try and let you know.

JackPrendergast
Collaborator

Can you provide screenshots of your interface topology within SmartConsole please?

Alan_Camelo1
Contributor

Hi Jack, I can't really provide screenshots but here is the best I can show. The issue is trying to ping 10.9.8.7 (10.9.8.6 is OK).

Interface bond1.1203 - 10.5.5.1/29

Route to 10.9.8.0/27 via 10.5.5.5 (next hop router)

Networks in spoof group for Interface bond1.1203

10.5.5.0/29 and 10.9.8.0/27

Logs show Cluster spoof from 10.9.8.7 to 10.5.5.1.

Thanks in advance
