VRID conflict causes ping packet lost seriously

Publication Date:  2012-11-22
Issue Description
Two sets of USG equipments compose two-node cluster hot backup, it appears lots of packet loss when ping the VRRP virtual address of the firewall in peer end switch. It has no packet loss when ping the real address of the firewall’s interface.
Alarm Information
Handling Process
1, check the port consultation mode, both ends are the forced 100 MB full duplex.
2, check the occupancy rate of firewall’s CPU and memory, they are normal.
3, check port flow statistics situation of the firewall.
4, in peer end switch Ping firewall’s interface real address has no packet loss, it proves there is no problem in intermediate link.
5, check firewall VRRP state normal, and check the ARP entry of the firewall, found that the same VRRP virtual MAC address is corresponded with different IP addresses. Through checking found the VRRP configured by different firewall has conflict with the VRID, causes VRRP is conflict with the virtual MAC and caused MAC entry error.
6, thus the problem is positioned, after modified VRID, business returned to normal.
Root Cause
1, the ports consultation problems.
2, the occupancy rate of CPU or memory is high.
3, port actual flow beyond the forwarding ability of the port.
4, there is interference in link.
5, VRID setting conflict.
6, IP address or MAC address conflict