Management port is inaccessible when service ports are activated

Publication Date: 2016-03-05

Issue Description

Storage model: 5500V3; system version: V300R002C10SPC200.

The customer has a production network (172.20.0.0/23) and a management network (192.168.110.0/24).

The management interface of controller A has the IP 192.168.110.50 and that of controller B has the IP 192.168.110.51.

The CIFS file service has the IP address 172.20.1.7. In the normal state, controller A is the owner of this IP. When this IP address is activated, the management IP of the controller becomes unreachable.

Network topology is below:


Alarm Information
None
Handling Process

1. Get the route table, IP configuration and route trace information from the management station (Windows OS) with the commands below:

route print  

ipconfig -all

tracert 192.168.110.51

The route trace information of management port is below:


The route table of management port is below:


2. The route table shows that the management network 192.168.110.XXX is accessed through the default route, whose gateway is 172.20.1.27. Meanwhile, the production network 172.20.1.27 is accessed through direct routing, because they belong to the same VLAN. Since the management port has the same gateway but a longer route, all the returning packets are lost.

3. So the problem is very clear: we need to separate the management network and the production network.

 

Root Cause

1. When ICMP packets are replied from the storage to the server, the outgoing path is determined by the policy routing table on the storage controllers. Since the service IP and the management station IP belong to the same VLAN, the outgoing path from the service port to the host has priority in the route table. ICMP replies for both the management network and the production network are therefore sent through the service port.

2. Unfortunately, our storage enables the reverse path filter function by default. This means each packet must enter and leave through the same port; otherwise, it is discarded.
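
The drop described above can be reproduced with a small model of the controller's route lookup and a strict reverse path check. This is an added example, not Huawei's code; the port names, the default route through the management port, and the management station address 172.20.0.10 are assumptions.

```python
import ipaddress

def lookup(routes, addr):
    """Longest-prefix match: return the egress port for addr, or None."""
    addr = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, port) for net, port in routes if addr in net]
    return max(matches)[1] if matches else None

def strict_rpf_accepts(routes, src, ingress_port):
    """Strict reverse path filter: accept a packet only if the route back
    to its source leaves through the port the packet arrived on."""
    return lookup(routes, src) == ingress_port

def build_routes(service_ip_active):
    """Controller route table. Port names and the default route via the
    management port are assumptions, not taken from the storage itself."""
    routes = [
        (ipaddress.ip_network("192.168.110.0/24"), "mgmt"),
        (ipaddress.ip_network("0.0.0.0/0"), "mgmt"),
    ]
    if service_ip_active:
        # Activating 172.20.1.7 adds a connected route for the production net.
        routes.append((ipaddress.ip_network("172.20.0.0/23"), "service"))
    return routes

STATION = "172.20.0.10"  # constructed management station address

def management_reachable(service_ip_active, station=STATION):
    """True if a packet from station arriving on the management port
    passes the strict reverse path check."""
    routes = build_routes(service_ip_active)
    return strict_rpf_accepts(routes, station, "mgmt")

if __name__ == "__main__":
    for active in (False, True):
        state = "active" if active else "inactive"
        verdict = "accepted" if management_reachable(active) else "dropped"
        print(f"service IP {state}: packet to management port is {verdict}")
    # Solution 1: the station reaches the storage from the management network.
    print("station on 192.168.110.0/24:",
          management_reachable(True, "192.168.110.20"))
```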

Solution

Solution 1: Separate the management network and the production network. That means the hosts need two ports that belong to different VLANs: one for the management network and the other for the service network.

Solution 2: If you have only one port on the hosts and need to use it to access both the management port and the service port of the 5500V3 storage, contact Huawei support to help you disable the reverse path filter on the storage.

Suggestions
Separate the management network and the production network to reduce network security risk.
