Skip to main content
KordiaRG
KordiaRG
New Member
July 4, 2018
Question

Management-ip not accessible on slave node in cluster

  • July 4, 2018
  • 1 reply
  • 24525 views

Hi all,

 

I'm running a pair of 60E's on 5.6.3 as a HA cluster.  I've setup a VLAN interface for management to the root VDOM, given it an IP, and also given each member a management-ip in the same subnet.  So for example, vlan interface is VL100-MGMT, IP is 10.0.100.10/24, and each node has a management-ip set as 10.0.100.11/24 and 10.0.100.12/24 respectively.

 

I can access the VIP (10.0.100.10) fine.  I can access node A's management-ip (10.0.100.11) fine.  However, I cannot access node B's management IP.  A diag sniffer shows no traffic for .12 going to node B.  The cluster appears otherwise healthy and a diag sys ha status looks good.

 

Looking at the arp table on the gateway, I see that all 3 of these addresses have entries, but all to the same virtual MAC:

 

10.0.100.10 = 00:09:0f:09:00:03

10.0.100.11 = 00:09:0f:09:00:03

10.0.100.12 = 00:09:0f:09:00:03

 

The odd thing is, I have an almost identical config on another cluster of 60E's (same version), and these work fine.  On these, the arp table of the gateway shows node B's management-ip with the hardware address of node B, which seems sensible...

 

10.0.100.10 = 00:09:0f:09:00:03

10.0.100.11 = 00:09:0f:09:00:03

10.0.100.12 = 90:6c:ac:0a:0b:0c

 

Anyone else seen this?  A bug?

I was about to log a ticket, but annoyingly this is the 14th site in a national rollout which means the time since purchase is around 9 months and the support auto-started and expired a week ago :(

 

Thanks,

Richard

1 reply

Toshi_Esumi
SuperUser
Toshi_Esumi
SuperUser
July 4, 2018

We had a similar issue with 5.4.? some time ago although we don't use VRRP on mgmt interfaces between a-p. But it was fixed later release and we don't see the issue at least with 5.4.8 now.

emnoc
emnoc
New Member
July 4, 2018

NO sure what your doing but are trying to set HA-direct and define a interface only for the  two nodes ?

e.g

 

config system ha     set group-id 1     set group-name "socpuppetsgrp"     set mode a-p     set ha-mgmt-status enable     set ha-mgmt-interface "mgmt1"     set ha-mgmt-interface-gateway 10.10.1.111     set override disable  end

 

And now on mgmt it will not be part of root vdom and you  use it for a dedicated mgmt. You do the same for nodes in the cluster and define the correct  address for each and the gateway

 

Ken Felix

 

KordiaRG
KordiaRGAuthor
New Member
July 4, 2018

Hi Ken,

 

This is using the new management-ip directive that was introduced in 5.6.  I'm not using the HA reserved management interface feature.  I use my root vdom purely for device management and it connects only to my management VLAN 100 (no other interfaces in root vdom). 

 

config system interface   edit "VL100-MGMT"     set vdom "root"     set management-ip 10.0.100.12 255.255.255.0     set ip 10.0.100.10 255.255.255.0     set allowaccess ping https ssh snmp http fgfm     set device-identification enable     set role lan     set snmp-index 27     set interface "internal2"     set vlanid 100   next end

 

Rich

Terms & ConditionsAccessibility statement