No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
How Do I Process the Network Disconnection Caused by Reverse Routing Verification on the Linux Operating System

How Do I Process the Network Disconnection Caused by Reverse Routing Verification on the Linux Operating System

Issue

On the Linux operating system, the eSight server has multiple IP addresses that belong to different network segments. If a device or third-party system has added routing data required for connecting to the eSight server but fails to ping the eSight server. How do I process this problem?

Possible Causes

To prevent illegal packets from being forwarded or converted into the upper-level protocol, the Linux operating system queries the routing outbound interface based on the package source IP address, and compares the original outbound interface with the queried one. If they are the same, the packet is accepted. If they are different and the value of rp_filter is 1 (strict reverse routing verification), the packet is discarded.

The rp_filter parameter is set to 1 by default, to increase the system security. To check the parameter value, run the following command, where eth0 indicates the network adapter to be queried and needs to be replaced with the actual one:

sysctl -a 2>/dev/null | grep eth0 | grep -w rp_filter

Answer

  • Scenario where southbound and northbound services are separated

    Plan the system IP address, heartbeat/replication IP address, and southbound IP address on different network planes. In addition, plan the device IP address and the southbound IP address of eSight on the same network plane.

NOTE:

In the scenario where a single-node system is deployed, the heartbeat or replication IP address does not exist.

  • Scenario where southbound and northbound services are not separated

    Plan the system IP address and heartbeat/replication IP address on different network planes. In addition, plan the device IP address and the system IP address of eSight on the same network plane.

NOTE:

In the scenario where a single-node system is deployed, the heartbeat or replication IP address does not exist.

Download
Updated: 2019-09-02

Document ID: EDOC1100011856

Views: 92539

Downloads: 53

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next