[j-nsp] [c-nsp] strange issue

Ryan Rawdon ryan at u13.net
Thu Jul 29 12:17:27 EDT 2021


> On Jul 29, 2021, at 11:55 AM, james list <jameslist72 at gmail.com> wrote:
> 
> 
> Internet - Firewall – Lan - Load balancer – Lan – hypervisor- VM
> 
> 
> 
> It sometimes happens that the VM does not respond anymore to the load balancer for
> external IP addresses until the load balancer is set to source NAT
> (SNAT) the internet traffic and then SNAT is removed.
> 

Can you share the routing table of the VM in question?  Specifically/most importantly - Is the load balancer being used as the VM’s default gateway, or does the VM use the firewall as its default gateway?  In the latter case, I would expect the load balancer to SNAT traffic or act as a full layer 7 proxy where a new TCP connection is established from the load balancer to the upstream servers.

With a misconfiguration or misaligned design intention here, I could see the intended behavior depending on ARP or firewall/connection state tracking behavior in the devices.


> Something like an action that solicits the VM to refresh the ARP.
> 
> 
> 
> While the health check from the load balancer to the VM in the same LAN subnet never
> stops working.
> 
> 
> 
> Has anybody ever encountered the same problem in VM environments?

In the absence of evidence otherwise, I suspect your issue is not VM-specific.  Do you have examples of physical hosts in the same LAN that do not exhibit this problem?  If so, has the routing table (default gateway and possibly other persistent static routes) been compared?

> 
> Any idea ?
> 
> 
> 
> Thanks in advance
> 
> James
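
The default-gateway question raised in the reply above can be checked mechanically from the VM's routing table. The following is an added example, not part of the original thread: it parses `ip route show` style output, does a longest-prefix match, and reports whether the VM's reply would go back through the load balancer with and without SNAT. All addresses (firewall 10.0.2.1, load balancer 10.0.2.10, VM 10.0.2.50, client 203.0.113.7) and function names are assumptions made for illustration, and only plain unicast route lines are handled.

```python
import ipaddress

# Constructed sample: VM routing table whose default gateway is the firewall.
ROUTES_VIA_FIREWALL = """\
default via 10.0.2.1 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.50
"""

# Constructed sample: same VM, but the load balancer is the default gateway.
ROUTES_VIA_LB = """\
default via 10.0.2.10 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.50
"""


def parse_routes(text):
    """Return [(network, gateway or None)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(prefix, strict=False)
        via = None
        if "via" in fields:
            via = ipaddress.ip_address(fields[fields.index("via") + 1])
        routes.append((net, via))
    return routes


def next_hop(routes, dst):
    """Longest-prefix match; a connected route delivers straight to dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, via) for net, via in routes if dst in net]
    if not matches:
        return None
    _, via = max(matches, key=lambda r: r[0].prefixlen)
    return via if via is not None else dst


def reply_returns_via_lb(routes, client_ip, lb_ip, snat):
    """With SNAT the VM replies to the LB address; without it, to the client."""
    reply_dst = lb_ip if snat else client_ip
    return next_hop(routes, reply_dst) == ipaddress.ip_address(lb_ip)
```

With the firewall as default gateway, only the SNAT case sends replies back to the load balancer, while replies to the load balancer's own address (the health-check path) always stay on the connected subnet.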


