Cluster member up and down (FIB) problem

[Hitman]

Hi,

I have 2 SPLAT configure in a HA cluster.

Problem:

At interval of 5 minutes one of the member decide to drop the FIBMGR connection between the cluster members.
After that the cluster member 2 become down.

I get theses messages in the log tracker :

Cluster member IP is being spoofed
Cluster XL member 2 is down Problem notification on member 2 detected a problem (FIB)

A couple of seconds later this member 2 is up with the following log message:

Cluster XL member 2 is up Problem notification on member 2 status OK (FIB)

Five minutes later same thing happen.

The IP spoof is impossible by anoter server because this cluster is in a test environnement and with no other server in the cluster networks.

Thanks in advance for your help

[bryancromwell]

If you are not using Advanced Routing, Disable it in cpconfig (Dynamic Routing option) This is what the FIB device is for.
We still configure Rip via the old zebra method so we just disabled it in our enviroment for now.

[Danielpb]

Just for future problems with the error message 'Cluster member IP is being spoofed'

I was seeing this when a VPN was trying to be establish on an internal interface. The resolution was to untick the following 'Enable Extended Cluster Anti-Spoofing' under the topology tab of the cluster object.

hope this helps.

cheers

Dan

[cormic]

All,

I just had this problem when I brought up my first NGX cluster on SPLAT Pro. When I did a chpaprob list I got the following.

Device Name: FIB
Registration number: 4
Timeout: none
Current state: problem
Time since last report: 42.8 sec

I was also seeing a drop in the logs for FIBMGR on port TCP 2010.

I found checkpoint article sk31243. This basically told me to create the following rule

SOURCE: gateway_cluster
DESTINATION: gateway_cluster
SERVICE: FIBMGR
ACTION: accept
INSTALL ON: gateway_cluster

Hope this helps for future users.

Regards,
Graham