Re: Strange Anti-spoof messages on Cluster IP Addr...

Alan_Camelo1 · ‎2020-11-26

I have a weird issue where if I ping a server e.g 10.9.8.7/27 it does not respond, but If I ping 10.9.8.6/27 it does work. This is via a static route to say 10.5.5.5/29 which is directly connected to interface bond1.123 on the Firewall. Cluster Address 10.5.5.1/29.

Upon checking logs it shows Cluster member IP address spoofing only from 10.9.8.7, not 10.9.8.6. The network 10.9.8.0/27 is specifically in the group to allow traffic in the anti-spoof group for Interface bond1.123.

Has anyone ever seen this before? when I do a cpstop it works! , All very strange.

Thanks in advance

Danny · ‎2020-11-26

We have a tool in our ToolBox that might be of help: SmartConsole Extension to show the calculated interface topology of a gateway

Alan_Camelo1 · ‎2020-11-26

Thanks Danny, but I don't think that would help as the spoofing groups all look correct in the topology.

I'll give it a try and let you know.

JackPrendergast · ‎2020-11-26

Can you provide screenshots of your interface topology within SmartConsole please?

Alan_Camelo1 · ‎2020-11-27

Hi Jack, I cant really provide screenshots but here is the best I can Show, the issue is trying to ping 10.9.8.7 (10.9.8.6 is OK)

Interface bond1.1203 - 10.5.5.1/29

Route to 10.9.8.0/27 via 10.5.5.5 (next hop router)

Networks in spoof group for Interface bond1.1203

10.5.5.0/29 and 10.9.8.0/27

Logs show Cluster spoof from 10.9.8.7 to 10.5.5.1.

Thanks in advance

Are you a member of CheckMates?

Strange Anti-spoof messages on Cluster IP Address