A strange thing happened today

[tdvit]

Hi guys,

I recently upgraded my mgmt server (hardware only) and since then I have had intermittent problems with mgmt my redundent firewalls. From time to time when I test the sic status one of them fails saying no tcp connectivity. However I can ping it just fine and the both remain in working order as far as the cluster goes.

They are both in a Nokia IP Cluster HA and today I decided to reset the sic between mgmt and firewall. BANG our internet went down. I am pretty sure it was acting as the master when I reset the sic. Why would this happen can anyone tell me? The working firewall should have taken over??

[masterloo]

When you upgraded the hardware did you move to another box? Did you keep the same ip, hostname, fqdn, and perform an upgrade_import?

When you say clustering HA with Nokia, I assume you are talking about VRRP.

If you reset SIC on the primary and if your VRRP wasn't functioning/configured properly or you had VRRP firewall monitoring off you could've had service interruption while the CP services were restarting.

1) You may want to check whether your VRRP is functioning/configured properly.

nokia> clish
in clish on both boxes: show vrrp

one should have all interfaces as master and the other all as backup

2) you could do a tcpdump/fw monitor to see what the SIC traffic is doing at the Firewall when you test it. e.g. nokia> fw monitor -e 'sport=18191 or dport=18191,accept;'

There could be many reasons why this happened and these are just a few starting ideas on where to begin to look for the problem(s) working with the few details provided

[tdvit]

thanks for the reply.

Im running a load sharing nokia IP cluster not vrrp.

Mick