SmartView Tracker logs show that Active member drops PIM packets from Standby member due to address spoofing

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk110015
Technical Level
Product	ClusterXL
Version	R75 (EOL), R76 (EOL), R77 (EOL), R77.10 (EOL), R77.20, R77.30 (EOL)
OS	Gaia, SecurePlatform 2.6
Platform / Model	All
Date Created	08-Feb-2016
Last Modified	17-Apr-2018

Symptoms

SmartView Tracker logs show that Active member drops PIM packets from Standby member due to address spoofing.
Kernel debug ('fw ctl debug -m fw + drop') on Active cluster shows that PIM Hello packets sent from Standby cluster member are dropped:
- ;fw_log_drop_conn: Packet <dir 1, IP_of_Standby_Member:0 -> 224.0.0.13:0 IPP 2>, dropped by check_spoofing_befo, Reason: Address spoofing;
- ;fw_log_drop_ex: Packet proto=103 IP_of_Standby_Member:0 -> 224.0.0.13:0 dropped by fw_cluster_ttl_anti_spoofing Reason: ttl check drop
Setting the TTL to 255 on Active member per (sk42652) does not resolve the issue:
# echo 255 > /proc/sys/net/ipv4/ip_default_ttl
Disabling Extended Cluster Anti-Spoofing (per sk42652) resolves the issue.

Cause

By design, Active member ignores PIM packets sent by Standby member. Therefore, it drops them either with "Address spoofing" log, or with "Rejecting dynamic routing packet forwarded to wrong member" log.

Solution

Note: To view this solution you need to Sign In .