Odd duplicate ping issue. DUP

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Odd duplicate ping issue. DUP

L4 Transporter

I have a strange issue.

 

I am setting up a new 850 HA pair A/P

 

To the outside world is a LACP Aggregate, connected to a HP switch. 

 

All was going well when testing, I can ping a dummy device (laptop) fine on the outside switch from the firewall.

 

But when I connect to the firewall to the upstream router, pings to google all get ( DUP ).

 

If I connect the laptop to the upstream, pings are normal.

 

Our other old PA3020 cluster is fine?

 

 

9 REPLIES 9

L4 Transporter

So, in the diagram below.

 

LEFT SIDE

 

FW2 is connected on a Aggreagate to a HP Aruba, the Aruba has a standard LACP enabled trunk.

 

The aruba connects on to a Cisco Catalyst, and then onto the ISP router....

 

In this configuration, every packed seems to be reported as duplciate on the CLI.

 

If I remove one link the issue persists.

 

RIGHT SIDE

 

FW2 is connected on a single L3 to a HP Aruba.

 

The aruba connects on to a Cisco Catalyst, and then onto the ISP router....

 

In this configuration, every packed seems normal.

 

Conclusion

 

None so far, I am thinking it may be cosmetic.

 

 

 

 

firedup.jpg

 

 

 

1. What is FW1 doing?

2. We've had many issues with HP equipment, LACP and STP.  I'd look into firmware upgrades to see if this fixes your issue.  You could also try forcing the aggregate and disabling LACP (even though I wouldn't recommend this unless you are desperate).

FW1 is an exisiting install protecting a differnet network.

 

I need to do a little more testing but with a windows workstation on the trusted network I get a normal solid/clean ping response.

 

The HP stuff is not for production, there's a stack of them waiting to go out to branches so i Borrowed one whilst waiting on a pair of Catalysts to turn up.

 

Rob

Have you tried removing the Aruba from the equation and going straight to the Cisco?  Is the Aruba even necessary?

I don't want to mess too much with the production Edge Switches, they are only set up with a single port not a port-group.

 

We will be migrating all ISP connections to the new Stacked Catalysts eventualy. 

 

I will plug it back in today and monitor the connections.

 

Cheers

 

Rob

 

 

 

 

I only ask because I have had issues with HP switches and LACP in the past.  I'm not as familiar with the newer Aruba/Procurves but I know they are going through some groing pains.  If you are hunting around for switch brands, don't forget to check out Juniper.

My windows VM connected to the FW does not show a DUP.

My Linux VM connected to the FW does show a DUP.

 

It's got to be something with the ARUBA and it's LACP.... Wish the Cisco's would turn up.

 

Rob

Cisco C9200's turned up yesterday, got them stacked together and configured.

 

Moved the Palos from there test location to the rack with the cisco's..

 

Connected everything up in the expected way.

 

Ping to google..

 

17.1ms

17.1ms

etc..

 

Not a single DUPE super solid. 

 

 

 

So thaks HP/ARUBA, another great product you have there..

 

Rob

 

 

No comment... HA!

 

Notice, there is no surprised look on this face.  Sorry you had to deal with this.  I really do feel your pain.

  • 7482 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!