[j-nsp] [c-nsp] strange issue

james list jameslist72 at gmail.com
Thu Jul 29 12:34:00 EDT 2021 

Hi
I've to ask for the VM routing table and then I will share.

VM gateway is load balancer.

Cheers
James

Il giorno gio 29 lug 2021 alle ore 18:17 Ryan Rawdon <ryan at u13.net> ha
scritto:

>
> > On Jul 29, 2021, at 11:55 AM, james list <jameslist72 at gmail.com> wrote:
> >
> >
> > Internet - Firewall – Lan - Load balancer – Lan – hypervisor- VM
> >
> >
> >
> > It happens sometime that the VM do not respond anymore to Load balancer
> for
> > external ip addresses until on the Load balancer it is setted to source
> NAT
> > (SNAT) the internet traffic and then SNAT it’s removed.
> >
>
> Can  you share the routing table of the VM in question?  Specifically/most
> importantly - Is the load balancer being used as the VM’s  default gateway,
> or does the VM use the firewall as its default gateway?  In the latter
> case, I would expect the load balancer to SNAT traffic or act as a full
> layer 7 proxy where a new TCP connection is established from the load
> balancer to the upstream servers.
>
> With a misconfiguration or misaligned design intention here, I could see
> the intended behavior depending on ARP or firewall/connection state
> tracking behavior in the devices.
>
>
> > Something like an action that solicit the VM to refresh the arp.
> >
> >
> >
> > While health check from Loadbalancer to VM in the same LAN subnet never
> > stops to work.
> >
> >
> >
> > Does anybody ever encountered the same problem on VM environments ?
>
> In the absence of evidence otherwise, I suspect your issue is not
> VM-specific.  Do you have examples of physical hosts in the same LAN that
> do not exhibit this problem?  If so, has the routing table (default gateway
> and possibly other persistent static routes) been compared?
>
> >
> > Any idea ?
> >
> >
> >
> > Thanks in advance
> >
> > James
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>

More information about the juniper-nsp mailing list