No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Two node cluster hot backup net server doesn’t stable and appears massive packet loss

Publication Date:  2012-12-12 Views:  101 Downloads:  0
Issue Description

External network: though optical fiber transceiver transfer a twisted pair connects to the peer vendor’s anti-poison wall.
Peer vendor’s anti-position wall: uses transport mode, up connects to the Netcom optical fiber transceiver, down connects to the peer vendor’s switch.
USG3040 firewall: A and B do two node cluster hot backup, the twisted pair connects to peer vendor’s switch; A and B connect each other through optical fiber, which connects the core switch S9306.
S9306: two optical ports on switch connect USG firewall A and B; through the twisted pair connects to server; on switch two ports do port aggregation, through fiber connects S2300 switch.
S2300: switch through optical fiber connect to the core switch.
Through configuring:
nat server global 1.1.1.3 inside 192.168.1.106
nat server global 1.1.1.2 inside 192.168.1.105
Public network virtual-ip 1.1.1.1. Realize the point to point mapping from internal network to external network, but access server abnormally, even can’t access for a long time.


Alarm Information
None.
Handling Process
1. Check VRRP configuration and HRP configuration and VGMP configuration;
2. Modify the configuration
nat server global 1.1.1.3 inside 192.168.1.106  vrrp  4
nat server global 1.1.1.2 inside 192.168.1.105   vrrp  4
Root Cause
When doing two-node cluster hot backup, when the NAT address pool address or the NAT Server’s public network IP address and VRRP group's virtual IP address are in the same network segment, the ascending-descending device transmits the ARP request to the NAT address pool or NAT Server public network IP, two USG3040 will respond to the ARP text, thus creates the collision, impact the movement of the regular service.
Suggestions
When the two-node hot backup makes nat server, if the NAT address pool address or the NAT Server public network IP address and VRRP group's virtual IP address are in the same network segment, must add VRRP VRID, otherwise needs not to add.

END