Solved: Re: VIP Cluster not reply ping, ssh, web, etc...

Bernardes · ‎2023-03-16

Hello Mates!

I deploy a new Cluster and SMS and this cluster has 2 interfaces(eth0 and eth1):

eth0(member1 - 172.31.1.2, member2 - 172.31.1.3, VIP - 172.31.1.1)

eth1(member1 - 172.31.0.8, member2 - 172.31.0.9, VIP - 172.31.0.10)

When I ping physical interfaces (.8 and .9 or .3 and .4) it replies normally and I can access ssh and web portal from that, but when I try to ping or access the VIP (.10 or .1) it does not respond. This is a brand new environment. I deploy many others and I didn't have to make any changes for it to work.

Any advice to make it work?

This is a distributed Cluster(2 members HA Active/Standby) + SMS R81.10 JHF take 87 all open servers Virtual appliances

Thank you!

HeikoAnkenbrand · ‎2023-03-17

See sk102118:
It is not possible to ping or connect over SSH to ClusterXL VIP address

or sk106425:
Connections through cluster to physical IP address of ClusterXL Standby member / VRRP Backup member ...

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

View solution in original post

HeikoAnkenbrand · ‎2023-03-17

See sk102118:
It is not possible to ping or connect over SSH to ClusterXL VIP address

or sk106425:
Connections through cluster to physical IP address of ClusterXL Standby member / VRRP Backup member ...

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips

Bernardes · ‎2023-03-17

Hello @HeikoAnkenbrand

I tried this sks, but nothing changed. In my LAB I noticed that sometimes the VIP reply ping and sometimes don't on eth0. In eth1 I can ping VIP and interfaces IPs simultaneously normally. I'm not sure why it occurs. Any advice? Other than those already mentioned

JozkoMrkvicka · ‎2023-03-18

From where you are trying to reach VIPs ?

Do you see any drops on Active member using following command (from expert) while initiating the traffic ?

fw ctl zdebug + drop | grep 172.31.1.

Kind regards,
Jozko Mrkvicka

Bernardes · ‎2023-03-18

@JozkoMrkvickaI tried to access it from the same subnet of each interface. In the case of my lab, from the 172.12.10(eth1) I can ping simultaneously interfaces IP and the VIP, but from the 192.168.10(eth) sometimes I can ping the VIP and sometimes dont.

In the case of customer environment nither interface ping the VIP, but I can access by SSH for example.

No drops on zdebug.

the_rock · ‎2023-03-18

Hm, I dont think thats 100% accurate. I have R81.10 cluster lab and I can perfectly ping and ssh into VIP. No changes were ever made to any files to make that work.

Bernardes · ‎2023-03-18

@the_rockIndeed this is very weird. I already made labs in other times that no were need changes to work it too.

the_rock · ‎2023-03-18

I agree. Let me see if I can verify it in lab Monday.

Bernardes · ‎2023-03-19

I'm very grateful for your help as always @the_rock !

the_rock · ‎2023-03-19

I will check with my colleague tomorrow if I can turn 4 CP vm's back on, as we needed to turn them off for some Aruba testing. If I can, we can circle back and I will update you.

Cheers mate.

the_rock · ‎2023-03-19

Always willing to help the best I can @Bernardes , my pleasure mate.

Iamerror404 · ‎2023-09-07

Hello Mates,

I had a similar issue as Bernardes but was able to resolve it.

What I have done is to reinitiate the SIC and copy topology to interfaces. After that, I was able to ping the VIP.

I hope it helps.

Are you a member of CheckMates?

VIP Cluster not reply ping, ssh, web, etc...