Support Center > Search Results > SecureKnowledge Details
Ping between cluster members fails when IPv6 is enabled and configured
Symptoms
  • Ping between cluster members fails on the pair of interfaces, whose IP addresses are defined in cluster members' objects.

  • Traffic capture on the on the problematic pair of interfaces shows that Source IP address in the ICMP Request packets is changed to Cluster Virtual IP address (defined on the involved pair of interfaces).
    Logs show NAT on Rule 0.

  • Ping between cluster members on other pairs of interfaces works as expected.
    Traffic capture on other pairs of interfaces shows that Source IP address in the ICMP Request packets is Physical IP address of the involved interface.

  • Removing all IPv6 addresses from the cluster's topology and installing the policy resolves the issue.

Cause

IPv4 addresses that are defined in SmartDashboard on the problematic pair of interfaces in cluster members' objects belong the involved interfaces.

IPv6 addresses that are defined in SmartDashboard on the problematic pair of interfaces in cluster members' objects belong to other interfaces.

Example:

  • IPv4 addresses defined in SmartDashboard in cluster members' objects belong to eth0
  • IPv6 addresses defined in SmartDashboard in cluster members' objects belong to eth2

As a result, the cluster members' IPv4 addresses of the problematic pair of interfaces are missing from the cluster members.

Comparing the output of "fw tab -t cluster_members_ips" command on cluster member's shows the following:

  • When only IPv4 addresses are defined in cluster object topology - all members' IPv4 addresses are present
  • When both IPv4 and IPv6 addresses are defined in cluster object topology - the IPv4 addresses of the problematic pair of interfaces are missing (in our example - IPv4 addresses of eth0 interfaces)

Solution
Note: To view this solution you need to Sign In .