10-18-2022 01:01 PM - edited 10-20-2022 12:27 PM
NOTE:
This appears to have been an issue in the Cloud space. I suspect a vMotion or reboot of the VM host resolved the problem, as an unrelated issue with spinning up access to the VM was resolved at the same time this HA issue was resolved, and no configuration changes were made.
--------------------------------------------------------------------------------------------------------------------------------
Hey, all.
I'm setting up a pair of VM-500s in a cloud environment and am having some issues with the HA between them.
HA1 Backup is configured to use the Management port on both VMs; HA2 is configured to use an IP in an isolated subnet separate from all other traffic.
HA1 is also set in an isolated subnet, separate from all other traffic, but remains down. I have confirmed that the peer IPs are correct.
In the CLI when I look at the HA1 interface I see the following:
Firewall 1 (currently passive):
admin@oci-sbx-vcn1-fw1(passive)> show interface all
total configured hardware interfaces: 6
name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 ukn/ukn/down(power-down) 02:00:17:07:12:80
ethernet1/2 17 ukn/ukn/down(power-down) 02:00:17:0b:c2:fa
ethernet1/3 18 ukn/ukn/down(power-down) 02:00:17:10:67:aa
ethernet1/4 19 ukn/ukn/down(power-down) 02:00:17:01:74:e3
ethernet1/5 20 10000/full/up 02:00:17:16:3f:fc
ethernet1/6 21 10000/full/up 02:00:17:10:94:66
---- OMITTED OUTPUT ----
ethernet1/5 20 1 ha 0 10.11.11.162/29
ethernet1/6 21 1 ha 0 10.10.10.186/29
----------------------------------------------------------------
admin@oci-sbx-vcn1-fw1(passive)> show interface ethernet1/5
-----------------------------------------------
Name: ethernet1/5, ID: 20
Link status:
Runtime link speed/duplex/state: 10000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 02:00:17:16:3f:fc
Operation mode: ha
Untagged sub-interface support: no
-----------------------------------------------
Name: ethernet1/5, ID: 20
Operation mode: ha
HA interface role: ha1, function: control-link
Interface IP address: 10.11.11.162/29
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
-----------------------------------------------
-----------------------------------------------
Physical port counters read from MAC:
-----------------------------------------------
rx-broadcast 0
rx-bytes 2912
rx-multicast 0
rx-unicast 52
tx-broadcast 0
tx-bytes 99180
tx-multicast 0
tx-unicast 1653
-----------------------------------------------
-----------------------------------------------
Detailed physical port counters read from MAC:
-----------------------------------------------
No detailed counters found
-----------------------------------------------
Hardware interface counters read from CPU:
-----------------------------------------------
bytes received 2912
bytes transmitted 92568
packets received 52
packets transmitted 1653
receive incoming errors 0
receive discarded 0
receive errors 0
packets dropped 0
-----------------------------------------------
Logical interface counters read from CPU:
-----------------------------------------------
bytes received 2912
bytes transmitted 92568
packets received 52
packets transmitted 1653
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
-----------------------------------------------
Firewall 2 (currently active):
admin@oci-sbx-vcn1-fw2(active)> show interface all
total configured hardware interfaces: 6
name id speed/duplex/state mac address
--------------------------------------------------------------------------------
ethernet1/1 16 10000/full/up 02:00:17:13:ac:48
ethernet1/2 17 10000/full/up 02:00:17:01:8a:f0
ethernet1/3 18 10000/full/up 02:00:17:10:fc:9b
ethernet1/4 19 10000/full/up 02:00:17:04:59:33
ethernet1/5 20 10000/full/up 00:00:17:01:2c:88
ethernet1/6 21 10000/full/up 02:00:17:16:d2:6d
---- OUTPUT OMITTED ----
ethernet1/5 20 1 ha 0 10.11.11.163/29
ethernet1/6 21 1 ha 0 10.10.10.187/29
----------------------------------------------
admin@oci-sbx-vcn1-fw2(active)> show interface ethernet1/5
-----------------------------------------------
Name: ethernet1/5, ID: 20
Link status:
Runtime link speed/duplex/state: 10000/full/up
Configured link speed/duplex/state: auto/auto/auto
MAC address:
Port MAC address 00:00:17:01:2c:88
Operation mode: ha
Untagged sub-interface support: no
-----------------------------------------------
Name: ethernet1/5, ID: 20
Operation mode: ha
HA interface role: ha1, function: control-link
Interface IP address: 10.11.11.163/29
Interface management profile: N/A
Service configured:
Zone: N/A, virtual system: vsys1
Adjust TCP MSS: no
Policing: no
-----------------------------------------------
-----------------------------------------------
Physical port counters read from MAC:
-----------------------------------------------
rx-broadcast 0
rx-bytes 3864
rx-multicast 0
rx-unicast 69
tx-broadcast 0
tx-bytes 81420
tx-multicast 0
tx-unicast 1357
-----------------------------------------------
-----------------------------------------------
Detailed physical port counters read from MAC:
-----------------------------------------------
No detailed counters found
-----------------------------------------------
Hardware interface counters read from CPU:
-----------------------------------------------
bytes received 3864
bytes transmitted 76216
packets received 69
packets transmitted 1361
receive incoming errors 0
receive discarded 0
receive errors 0
packets dropped 0
-----------------------------------------------
Logical interface counters read from CPU:
-----------------------------------------------
bytes received 3864
bytes transmitted 76216
packets received 69
packets transmitted 1361
receive errors 0
packets dropped 0
packets dropped by flow state check 0
forwarding errors 0
no route 0
arp not found 0
neighbor not found 0
neighbor info pending 0
mac not found 0
packets routed to different zone 0
land attacks 0
ping-of-death attacks 0
teardrop attacks 0
ip spoof attacks 0
mac spoof attacks 0
ICMP fragment 0
layer2 encapsulated packets 0
layer2 decapsulated packets 0
tcp cps 0
udp cps 0
sctp cps 0
other cps 0
-----------------------------------------------
10-19-2022 12:05 PM
I thought it could potentially be a Cloud routing issue, but when I configure HA1 to use management and set eth1/5 as HA1-Backup they all come up green. When I flipped them back to use eth1/5 as HA1 and Management as HA1-Backup, HA1 again went red while HA1-Backup and HA2 were green. Very odd.