HPE Community
Operating System - HP-UX
1834532 Members
3192 Online
110069 Solutions
New Discussion

Problem routing to firewall cluster

 
SOLVED
Go to solution
Jan Wunsche
New Member

‎05-28-2002 11:20 PM

‎05-28-2002 11:20 PM

Problem routing to firewall cluster

We have a few HP-UX machines connected to a Firewall-1 (NG) firewall running StoneBeat FullCluster. The cluster is running in standby mode with only one node active. The cluster address is a shared IP-address with a multicast MAC-address. The firewall and HP-UX machines are connected through Cisco-switches with a Sun GigaSwift card on the firewall side.

When I set the default route on the HP-UX machine to the cluster address communication fails intermittently. It seems like it is up for about 3 minutes and then down for about 3 minutes. When I ping from a client and snoop the firewalls interface on its LAN I can see the echo requests being sent, but I see no replies during the down periods.

Setting a host route to the test client solves the problem for that client, even if the gateway is the cluster address of the firewall. Changing the default route to the firewall nodes physical IP-address also solves the problem (but then the cluster is of no use).

The problem appears for several HP-UX machines but does not seem to affect other machines (Sun Solaris, Dell Windows NT).

Any idea what is going on?
0 Kudos
Reply
3 REPLIES 3
U.SivaKumar_2
Honored Contributor

‎05-28-2002 11:50 PM

‎05-28-2002 11:50 PM

Solution

Re: Problem routing to firewall cluster

Hi,
In HP-UX , if you are adding a route with gateway x.x.x.x , it will try to send icmp echo
request packets ( ping ) to the gateway to see whether it is available viz. dead gateway detection. If it does not respond the route is
discarded.

You can try this on the HP-UX server.
#ndd -set /dev/ip ip_ire_gw_probe 0
and try your things again.

regards,
U.SivaKumar
Innovations are made when conventions are broken
Reply
U.SivaKumar_2
Honored Contributor

‎05-29-2002 10:01 PM

‎05-29-2002 10:01 PM

Re: Problem routing to firewall cluster

hi,
For a permanent setting even after reboot put this lines in /etc/rc.config.d/nddconf
TRANSPORT_NAME[0]=ip
NDD_NAME[0]=ip_ire_gw_probe
NDD_VALUE[0]=0

regards,
U.SivaKumar
Innovations are made when conventions are broken
Reply
Jan Wunsche
New Member

‎05-29-2002 11:07 PM

‎05-29-2002 11:07 PM

Re: Problem routing to firewall cluster

That solved the problem. Because of a configuration problem the firewall didn't respond to pings to the cluster address and thus the HP stopped communicating. We are fixing the firewall problem but we'll also change the HPs configuration.

I still don't fully understand why it keeps coming back online for 3 minute periods. Since the problem is solved that isn't an important question.

Many thanks for your quick reply!
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.