VM-500: HA1 Down, HA1 Backup Up, HA2 Up.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

VM-500: HA1 Down, HA1 Backup Up, HA2 Up.

L2 Linker

NOTE

This appears to have been an issue in the Cloud space. I suspect a VMotion or reboot of the VM Host resolved the problem as an unrelated issue with spinning up access to the VM was resolved at the same time this HA issue was resolved and no configuration changes were made.

--------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------

Hey, all.

I'm setting up a pair of VM-500's in a cloud environment and having some issues with the HA between them. 

  • HA1 is Red
  • HA1 Backup is Green
  • HA2 is Green

HA1 Backup is configured to use the Management port on both VM's, HA2 is configured to use an IP in an isolated subnet separate from all other traffic.

HA1 is also set in an isolated subnet, separate from all other traffic, but remains down. I have confirmed that the peer IPs are correct.

 

In the CLI when I look at the HA1 interface I see the following:

 

Firewall 1 (currently passive):

 

 

admin@oci-sbx-vcn1-fw1(passive)> show interface all

total configured hardware interfaces: 6

name                    id    speed/duplex/state            mac address
--------------------------------------------------------------------------------
ethernet1/1             16    ukn/ukn/down(power-down)      02:00:17:07:12:80
ethernet1/2             17    ukn/ukn/down(power-down)      02:00:17:0b:c2:fa
ethernet1/3             18    ukn/ukn/down(power-down)      02:00:17:10:67:aa
ethernet1/4             19    ukn/ukn/down(power-down)      02:00:17:01:74:e3
ethernet1/5             20    10000/full/up                 02:00:17:16:3f:fc
ethernet1/6             21    10000/full/up                 02:00:17:10:94:66

---- OMITTED OUTPUT ----

ethernet1/5         20    1                     ha                       0      10.11.11.162/29
ethernet1/6         21    1                     ha                       0      10.10.10.186/29


----------------------------------------------------------------
admin@oci-sbx-vcn1-fw1(passive)> show interface ethernet1/5

-----------------------------------------------
Name: ethernet1/5, ID: 20
Link status:
  Runtime link speed/duplex/state: 10000/full/up
  Configured link speed/duplex/state: auto/auto/auto
MAC address:
  Port MAC address 02:00:17:16:3f:fc
Operation mode: ha
Untagged sub-interface support: no
-----------------------------------------------
Name: ethernet1/5, ID: 20
Operation mode: ha
HA interface role: ha1, function: control-link
Interface IP address: 10.11.11.162/29
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
-----------------------------------------------
-----------------------------------------------
Physical port counters read from MAC:
-----------------------------------------------
rx-broadcast                  0
rx-bytes                      2912
rx-multicast                  0
rx-unicast                    52
tx-broadcast                  0
tx-bytes                      99180
tx-multicast                  0
tx-unicast                    1653
-----------------------------------------------

-----------------------------------------------
Detailed physical port counters read from MAC:
-----------------------------------------------
No detailed counters found
-----------------------------------------------

Hardware interface counters read from CPU:
-----------------------------------------------
bytes received                           2912
bytes transmitted                        92568
packets received                         52
packets transmitted                      1653
receive incoming errors                  0
receive discarded                        0
receive errors                           0
packets dropped                          0
-----------------------------------------------

Logical interface counters read from CPU:
-----------------------------------------------
bytes received                           2912
bytes transmitted                        92568
packets received                         52
packets transmitted                      1653
receive errors                           0
packets dropped                          0
packets dropped by flow state check      0
forwarding errors                        0
no route                                 0
arp not found                            0
neighbor not found                       0
neighbor info pending                    0
mac not found                            0
packets routed to different zone         0
land attacks                             0
ping-of-death attacks                    0
teardrop attacks                         0
ip spoof attacks                         0
mac spoof attacks                        0
ICMP fragment                            0
layer2 encapsulated packets              0
layer2 decapsulated packets              0
tcp cps                                  0
udp cps                                  0
sctp cps                                 0
other cps                                0
-----------------------------------------------

 

 

 

Firewall 2 (currently active):

 

 

admin@oci-sbx-vcn1-fw2(active)> show interface all

total configured hardware interfaces: 6

name                    id    speed/duplex/state            mac address
--------------------------------------------------------------------------------
ethernet1/1             16    10000/full/up                 02:00:17:13:ac:48
ethernet1/2             17    10000/full/up                 02:00:17:01:8a:f0
ethernet1/3             18    10000/full/up                 02:00:17:10:fc:9b
ethernet1/4             19    10000/full/up                 02:00:17:04:59:33
ethernet1/5             20    10000/full/up                 00:00:17:01:2c:88
ethernet1/6             21    10000/full/up                 02:00:17:16:d2:6d

---- OUTPUT OMITTED ----

ethernet1/5         20    1                     ha                       0      10.11.11.163/29
ethernet1/6         21    1                     ha                       0      10.10.10.187/29

----------------------------------------------

admin@oci-sbx-vcn1-fw2(active)> show interface ethernet1/5

-----------------------------------------------
Name: ethernet1/5, ID: 20
Link status:
  Runtime link speed/duplex/state: 10000/full/up
  Configured link speed/duplex/state: auto/auto/auto
MAC address:
  Port MAC address 00:00:17:01:2c:88
Operation mode: ha
Untagged sub-interface support: no
-----------------------------------------------
Name: ethernet1/5, ID: 20
Operation mode: ha
HA interface role: ha1, function: control-link
Interface IP address: 10.11.11.163/29
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
-----------------------------------------------
-----------------------------------------------
Physical port counters read from MAC:
-----------------------------------------------
rx-broadcast                  0
rx-bytes                      3864
rx-multicast                  0
rx-unicast                    69
tx-broadcast                  0
tx-bytes                      81420
tx-multicast                  0
tx-unicast                    1357
-----------------------------------------------

-----------------------------------------------
Detailed physical port counters read from MAC:
-----------------------------------------------
No detailed counters found
-----------------------------------------------

Hardware interface counters read from CPU:
-----------------------------------------------
bytes received                           3864
bytes transmitted                        76216
packets received                         69
packets transmitted                      1361
receive incoming errors                  0
receive discarded                        0
receive errors                           0
packets dropped                          0
-----------------------------------------------

Logical interface counters read from CPU:
-----------------------------------------------
bytes received                           3864
bytes transmitted                        76216
packets received                         69
packets transmitted                      1361
receive errors                           0
packets dropped                          0
packets dropped by flow state check      0
forwarding errors                        0
no route                                 0
arp not found                            0
neighbor not found                       0
neighbor info pending                    0
mac not found                            0
packets routed to different zone         0
land attacks                             0
ping-of-death attacks                    0
teardrop attacks                         0
ip spoof attacks                         0
mac spoof attacks                        0
ICMP fragment                            0
layer2 encapsulated packets              0
layer2 decapsulated packets              0
tcp cps                                  0
udp cps                                  0
sctp cps                                 0
other cps                                0
-----------------------------------------------

 

 

1 REPLY 1

L2 Linker

I thought it could potentially be a Cloud routing issue, but when I configure HA1 to use management and set eth1/5 as HA1-Backup they all come up green. When I flipped them back to use eth1/5 as HA1 and Management as HA1-Backup, HA1 again went red while HA1-Backup and HA2 were green. Very odd.

  • 2083 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!