VRRPmc Cluster Members outgoing connections

[luisrocha]

Good Afternoon Guys.......

Can you tell me what to expect whent initiating a connection from a standby member of a VRRPmc configuration about source mac address and ip address used.

issue :
HA Mode
Cluster XL for sync
VRRPmc for all 8 interfaces
In the Cluster Object "3rd Party Configuration" i have checkbox in "Hide Cluster Members for outgoing traffic behind Cluster ip address"
NGX with IPSO 4

Assuming this when i initiate a connection from the active member if i make a tcpdump i see the connection SourceMac=VRRP_MAC and SourceIP=VIP, well this is the normal behaviour, but if i make a connection from the Standby node i see the connection getting out with the SourceMac=Local and SourceIP=VIP well with this behavior i see the SYN getting out from the node and no SYNACK because the SYNACK will return to the VIP address and will be processed by the active member and so i cannot connect to anything in the standby member.
Another problem is this is not true on all interfaces of the standby member, in some interfaces the connection is initiated with SourceMAC=Local and SourceIP=LocaLIP and the connection works fine.

Can you tell me what to expect, wich behaviour is the normal one ?



Luis Rocha

[northlandboy]

I would expect to see sourcemac=localmac, and sourceIP=VRRP IP, for all outbound connections from the secondary member. Some outbound connections won't be natted though - there is a file somewhere that defines which ones.

If you're running VRRP, I think you're better off turning off the "hide behind cluster IP" option - in fact, turn off all three options in 3rd party config, for slightly better performance.