Support Center > Search Results > SecureKnowledge Details
Traffic sent to IP addresses X.X.X.255 is dropped by ClusterXL in Load Sharing Unicast mode with "cluster error" Technical Level
Symptoms
  • Traffic sent to IP addresses X.X.X.255 (last octet is "255", but is not a broadcast address on this network) does not pass through ClusterXL in Load Sharing Unicast mode.

  • Kernel debug ('fw ctl debug -m fw + drop') + SecureXL SIM debug ('sim dbg -m pkt + cpls drop') on non-Pivot member show:

    [SIM]pivot_process_incoming: non-pivot member cannot handle broadcast/multicast, dropping packet (<Dest_IP_Address.255>)
    [SIM]pivot_process_incoming: packet sent from pivot, passing packet
    [SIM]sim_pkt_send_drop_notification: recieved drop, reason: ZZZ;
    ... ... ...
    ;fw_log_drop_conn: Packet proto=N X.X.X.X:XXX -> Dest_IP_Address.255:YYY, dropped by handle_inbound_packet, Reason: cluster error;
  • Disabling SecureXL on all cluster members resolves the issue.

Cause

SecureXL always considers IP address X.X.X.255 as broadcast address. By design, non-Pivot member cannot handle non-unicast traffic. As a result, this traffic is dropped.


Solution
Note: To view this solution you need to Sign In .