Troubleshooting Guide

CloudEngine 16800, 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

External Network Access Fails After a CE Switch Replaces a Non-Huawei Device as the Gateway

Keywords

Gateway, replacement, CE12800, switch

Abstract

External network access fails after a CE switch replaces a non-Huawei device as the gateway.

Problem Description

On the network, a non-Huawei device functions as the gateway and connects to multiple servers. During service cutover, the non-Huawei device is replaced by a CE12800. After the cutover, intranet users can access the web server, but external network users cannot access the intranet. The live network runs OSPF, and the number of OSPF routes is within the normal range. When intranet users run the tracert command, only the CE12800 gateway is reachable.

Procedure

The first service cutover was performed by an agent, who converted the non-Huawei device's configuration and imported the converted configuration into the CE12800. After services on all VLANs were cut over, external network users could not access internal servers, and the tracert command reached only the CE12800. The customer concluded that the CE12800 caused the fault and rolled back the cutover.

Technical support personnel analyzed the fault and found that it occurred because ARP proxy was not configured. Routed ARP proxy was manually configured during the second service cutover, after which external network users could access all internal servers. Packet headers were obtained for fault location. They showed that some servers had incorrect IP addresses configured and were therefore on different network segments from their gateway (the CE12800).

Root Cause

Servers connected to the gateway have incorrect masks configured, or the IP addresses of these servers do not belong to the same network segment as the gateway. As a result, the gateway considers that these servers are not on its own network segment and does not respond to their ARP requests. Traffic from these servers therefore cannot be forwarded at Layer 3 through the gateway to external networks. Intranet users can still communicate normally at Layer 2. The non-Huawei device has ARP proxy enabled by default, so it responds to ARP requests from servers on different network segments.

Solution

Reconfigure IP addresses for the servers to ensure that the servers are located on the same network segment as the gateway. Alternatively, configure routed ARP proxy on the gateway.
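A pre-cutover check along these lines lists the servers that would need readdressing or routed ARP proxy. This is an added example, not part of the original document or any Huawei tool; the VLAN IDs, server names, and addresses are constructed sample data, and the inventory format is an assumption.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the case above).
GATEWAY_VLANIFS = {10: "10.1.10.1/24", 20: "10.1.20.1/24"}  # VLAN -> gateway address
SERVERS = [  # (name, VLAN, address/mask as configured on the server NIC)
    ("web01", 10, "10.1.10.21/24"),
    ("db01", 10, "10.1.11.5/24"),    # address outside the gateway segment
    ("app01", 20, "10.1.20.40/16"),  # mask shorter than the gateway's
    ("log01", 20, "10.1.20.50/24"),
]


def audit(gateways, servers):
    """Return {server: finding} for servers that do not share the gateway's segment."""
    findings = {}
    for name, vlan, addr in servers:
        gw = ipaddress.ip_interface(gateways[vlan])
        srv = ipaddress.ip_interface(addr)
        if srv.ip not in gw.network:
            # The gateway sees the ARP sender as belonging to another segment.
            findings[name] = (
                f"VLAN {vlan}: address {srv.ip} is outside gateway segment {gw.network}"
            )
        elif srv.network != gw.network:
            if gw.network.subnet_of(srv.network):
                # Server treats remote hosts as on-link and ARPs for them directly.
                detail = f"server treats all of {srv.network} as on-link"
            else:
                detail = f"server treats only {srv.network} as on-link"
            findings[name] = (
                f"VLAN {vlan}: mask /{srv.network.prefixlen} differs from gateway "
                f"/{gw.network.prefixlen}; {detail}"
            )
    return findings


if __name__ == "__main__":
    for name, finding in audit(GATEWAY_VLANIFS, SERVERS).items():
        print(f"{name}: {finding}")
```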

Suggestion

  1. During device replacement, converting only the configuration of the device being replaced is risky. The old device and its replacement differ in the functions that are enabled by default, in networking modes, and in traffic paths, so services can become abnormal after the cutover is complete. It is better to analyze the networking, obtain packet headers for analysis, and then provide a replacement solution.
  2. During device replacement, do not cut over services on all VLANs at once. You are advised to cut over services on one VLAN and then check whether services on this VLAN are normal. If they are, cut over services on the next VLAN, and continue until services on all VLANs are cut over. This method ensures that problems introduced by the cutover can be resolved promptly.
  3. Collect and consider differences in default configurations of Huawei devices and commonly used non-Huawei devices during device replacement.
Updated: 2020-01-07

Document ID: EDOC1000060766