| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Hi there, I have a problem with Advanced Routing in my ClusterXL HA environment. In this cluster there are two nodes; every node has 3 network interfaces: 1 is the internal network, 1 is the external network and 1 is for sync. The problem now is that in SmartView Monitor the active node is marked as active attention and the passive node is marked as down. Both nodes have a problem status in FIB. In SmartView Tracker I can see that FIBMGR is passing through the firewall because I have added a rule for this, so this could not be the problem. I have also tried to untick "Enable Extended Cluster Anti-Spoofing" under the Topology view of the cluster in SmartDashboard, but that doesn't help either. When I disable Advanced Routing the cluster works fine, but I need to use Advanced Routing for a customer. I use Splat Pro on the nodes (R65). Have I forgotten to configure something? Does anyone have a good idea to solve this problem? Would be great. Greetings crispbee |
| |||
| Is this a new deployment? Have you checked to see if all of your multicast traffic to/from the clusters is being accepted? __________________ It's all in the documentation. |
| |||
| Yes, it's a new deployment. How can I check that all of the multicast traffic is accepted? And I have seen another thing that drives me crazy: when I want to configure the advanced routing with the command "router", I get the following error message:

[gw1]# router
EU0 999 System error when trying to resolve 'localhost': Temporary failure in name resolution
ER0 999 Unable to connect to the configuration manager

What should this message tell me? Greetings crispbee |
| |||
| Hi, thanks for your reply. The rule with FIBMGR is already there; I created a rule for testing: "from cluster object to cluster object any allow". FIBMGR is also accepted, I saw in the Tracker. But why is there the status Attention in SmartView Monitor? The Problem Notification Table says that the FIB status is PROBLEM, on the standby node and on the active node too. I have already switched sync to broadcast but this doesn't help at all. The fact with the hosts file I had already seen yesterday. Now I am able to configure, but which multicast protocol should I use for that? Does anyone have good practice with IGMP or PIM? I have spent the last days reading how-tos and admin guides; can anyone help me configure the router please? And I use Netgear switches for my test lab; is there something to configure in the switches? I have read something like disabling spanning tree and so on. Greetings |
| |||
| I have now configured it the following way:

localhost.localdomain#sh run
Building configuration...
interface eth0
 ip igmp
 ip pim dense-mode
 ip igmp version 3
 exit
interface eth1
 ip igmp
 ip pim dense-mode
 ip igmp version 3
 exit
interface eth2
 ip igmp
 ip pim dense-mode
 ip igmp version 3
 exit

eth0 is the internal net, eth1 the external net and eth2 is the sync interface. Now I have set:

cphaconf set_ccp multicast

And now the main member has status OK in SmartView Monitor, but the standby member is still marked as Problem/down. The Problem Notification Table says there is a problem with synchronization and FIB. What the hell should I do to make this work? I am going crazy with this config. In SmartView Tracker I am seeing the multicast traffic. Which rule do I have to add to accept multicast traffic? Any ideas? Would be very great! Thanks |
| |||
| That's odd that you've configured eth2 in your router config. It should be directly connected to the other firewall--other than defining the IP on the interfaces [outside of the router config] you shouldn't need any advanced routing on that interface. I would investigate the sync errors--there's a fairly good section in the ClusterXL document which talks about troubleshooting sync. I'd run through it and see if that helps identify the cause of your problems. The easiest way to look for multicast traffic drops is to filter the source using the cluster object and then look for any multicast traffic. If you push policy, it should make it reconverge and at least minimize the logs you have to sort through. Then clear the source filter and make a destination filter & repeat. HTH __________________ It's all in the documentation. |
| |||
| Hello again, OK, I have filtered the traffic for multicast drops and I see that there are several drops with the state "address spoofing" in it. How can I allow this multicast traffic? I have already tried to disable extended cluster anti-spoofing but it didn't help. The configuration on eth2 I have undone in the router config like you said in the thread. Now there are only eth0 and eth1 configured. Eth2 is now only configured in sysconfig. But this was not the solution to my problem. There is still a problem state at FIB on my standby node. In the ClusterXL documentation I don't find a solution for this problem either. Perhaps something I forgot to configure? Regards crispbee |
| |||
| I've solved the problem! It was a corrupt ARP table because of a wrong cable switching. Now everything has status OK in SmartView Monitor ;-) Thanks for your help, it was very helpful. Greetings crispbee |