04-25-2011 09:59 PM - edited 03-06-2019 04:47 PM
Hi All,
I have a very strange issue with one remote subnet IP address.
I have a Datacenter Backbone which comprises 2 Core Switches and 10 Rack Switches (2960Gs). We have 2 NTP servers, one at our Main DC and the other at the DR Site.
Recently, I’ve been seeing hits on our internal firewall (default gateway) for traffic destined to the DR NTP Server.
Did some digging and noticed that I am unable to ping the DR NTP server from a few rack switches. I am able to ping other IPs in that DR NTP Server subnet from the Rack Switches. I am also able to ping it from all other subnets.
Now, it would seem the issue is with the NTP server which is running RHEL. But, I've noticed that I can ping the DR NTP server from 2 Rack switches in the same backbone vlan. There is no difference in the switch configs other than the interface vlan IP. This would rule out any routing issue with this subnet. I have also checked the NTP server and the routing table on this server looks fine.
If I do a traceroute it just times out. Just don’t know what could be the issue. Routing looks fine, switch configurations are fine and the server routing table is also good.
Let me know if anyone has faced a similar issue and how I can get to the root cause.
Many Thanks,
Ajai
04-25-2011 11:50 PM
Hi,
Since everything else seems to be fine, I would have a look at the firewall. It could be caused by an access rule which blocks access to specific IP addresses, like the ones of the switches which don't get ping replies.
Best regards,
Giorgos
04-26-2011 12:22 AM
Hi Giorgos,
The Firewall is the default gateway for the core switches.
The setup is like this.
Rack switch --> Core Switch-->Core Router<--WAN LINK--> DRS L3 Switch-->DR NTP Server.
                     |
                 Firewall
                     |
                 Internet
The Rack switch has the Core switch as default gateway, and the core switch has an entry for the remote subnet in the routing table.
Hope this clarifies.
Thanks,
Ajai
04-26-2011 12:30 AM
OK Ajai, I've figured it out. Thanks for the information.
Where does traceroute time out?
Giorgos
04-26-2011 01:07 AM
The ping/traceroute to DR NTP is hitting the internal firewall instead of going to the core router.
Ping and traceroute to any other IP in the DR NTP Server subnet goes to the core switch and then to core router.
04-26-2011 01:16 AM
Ajai,
What about the ARP table of the rack switch? Did you check it as well?
Giorgos
04-26-2011 01:26 AM
Hi Giorgos,
The rack switch has got the arp entries for the core switch and core router.
Regards,
Ajai
04-26-2011 12:30 AM
Check all relevant ARP entries, or try clear ARP.
Also try clear mac-address-table.
04-26-2011 01:12 AM
Hi Paolo,
The Rack switch has got the right arp entries for the core switch and core router.
Regards,
Ajai
04-26-2011 09:11 PM
Show ip redirect
04-27-2011 02:39 AM
Hi Dennis,
Noticed that the Host IP is using the firewall as the gateway from the show ip redirects output. Cleared ip redirects and I am now able to ping the NTP server.
Thanks a lot for the help.
Regards,
Ajai
04-27-2011 02:41 AM
I had the same case recently too. 5 points awarded!
04-27-2011 02:45 AM
But still not sure what could have caused the host to be redirected to the wrong gateway.
I do have the Core switch configured as the default gateway.
04-27-2011 05:04 AM
If it is a dynamic route to the destination on the default gateway and that route goes away, then the default gateway may send icmp redirects for whatever route now matches the destination. Some switches fail to properly time out redirects.
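As an added illustration of the mechanism described in the last reply (example code written for this page, not taken from the thread or from any Cisco software), the Python model below plays through a rack switch whose default gateway is the core switch: the dynamic route to the DR subnet is withdrawn, the core switch redirects the host to its own default gateway (the firewall), the route comes back, and the host keeps using the stale redirect until it expires or is cleared. All addresses are constructed.

```python
import ipaddress

# Constructed addresses for the topology in the thread (not taken from the post).
CORE_SWITCH = "10.1.0.1"   # rack switches' default gateway
CORE_ROUTER = "10.1.0.2"   # next hop towards the WAN link and the DR site
FIREWALL = "10.1.0.254"    # core switch's own default gateway
DR_NTP = "10.20.0.5"       # DR NTP server behind the WAN link

def lookup(routes, dst):
    """Longest-prefix match over [(prefix, next_hop)]; None if nothing matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


class Host:
    def __init__(self, gateway, redirect_ttl=None):
        self.gateway = gateway
        self.redirect_ttl = redirect_ttl  # seconds; None models a switch that never times out redirects
        self.redirects = {}               # dst -> (next_hop, learned_at)

    def send(self, dst, core_routes, now):
        """Return the next hop the packet really goes to, learning any redirect on the way."""
        entry = self.redirects.get(dst)
        if entry and (self.redirect_ttl is None or now - entry[1] < self.redirect_ttl):
            return entry[0]               # cached redirect wins; the core switch never sees the packet
        self.redirects.pop(dst, None)     # expired or absent: send to the default gateway
        nh = lookup(core_routes, dst)     # core switch forwards on its own table and, because the
        self.redirects[dst] = (nh, now)   # next hop shares our subnet, redirects us to it
        return nh

    def clear_redirects(self):
        self.redirects.clear()            # the equivalent of "clear ip redirects" on the rack switch

STABLE = [("0.0.0.0/0", FIREWALL), ("10.20.0.0/24", CORE_ROUTER)]
FLAPPED = [("0.0.0.0/0", FIREWALL)]       # dynamic DR route withdrawn: only the default matches

def simulate(redirect_ttl=None):
    """Next hop used during the flap, after the route returns, and after clearing redirects."""
    host = Host(CORE_SWITCH, redirect_ttl)
    during_flap = host.send(DR_NTP, FLAPPED, now=0)
    after_recovery = host.send(DR_NTP, STABLE, now=60)
    host.clear_redirects()
    after_clear = host.send(DR_NTP, STABLE, now=61)
    return during_flap, after_recovery, after_clear
```

With no redirect timeout the host keeps sending DR NTP traffic to the firewall even after the route is back, which is exactly the firewall hits seen in the thread; with a timeout, or after clearing the redirect cache, it goes via the core router again.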