5500V3, system version is V300R002C10SPC200
The customer has a production network (172.20.0.0/23) and a management network(192.168.110.0/24).
The Management Interface of controller A has the IP 192.168.110.50 and the controller B has the IP 192.168.110.51.
The CIFS-File service has the IP-Address 172.20.1.7. In the normal state is controller A the owner of this IP. When activate this IP Address, the management IP of controller is unreachable.
Network topology is below:
1. Get route table, IP configuration and route trace information from management station(Windows OS), command as below:
The route trace information of management port is below:
The route table of management port is below:
2. We can see that management netowrk 192.168.110.XXX should be access through default route and its gateway is 172.20.1.27. In the meanwhile, Production network 172.20.1.27 should be access through direct routing, because they belong to a same vlan. Since management porth have the same gateway but have a longer routing, all the return back packages would be lost.
3. So, The problemis very clear ,we need to separate management network and production network.
1. When ICMP packages are going to be replied from storage to server, the path of outgoing is determined by the policy routing table on storage controllers. Since service IP and the management station IP are belong to the same vlan, the outgoing path from service port to host has a priority in route table. ICMP packages on both management network and production network packages should be replied through service port.
2.Unfortunately, our storage open reverse path filter function in default. It's means each package must in and out from the same port, otherwise, it should be throw away.
Solution 1: we need to separate management network and production network. That means we need two ports on hosts and they need to belong different vlan.One is for management network, the other is for service network.
Solution 2: If you only have one port on hosts and you do need to use it access both management and service port of 5500V3 storage. Please contact Huawei support to help you disable reverse path filter on storage.
please separate management network and production network to reducing the risk of network safety.