Cluster member is down and routed pnote is in a problem state
Symptoms
  • A Cluster member is down, with output similar to the following:

    # cphaprob state
    
    Cluster Mode:   High Availability (Active Up) with IGMP Membership
    
    Number     Unique Address  Assigned Load   State
    
    1 (local)  10.x.x.y       100%         Active
    2          10.x.x.z       0%           Down

  • The routed pnote is in a problem state:

    # cphaprob -ia list
    
    Built-in Devices:
    
    Device Name: Problem Notification
    Current state: problem
    
    Registered Devices:
    ...
    Device Name: routed
    Registration number: 2
    Timeout: none
    Current state: problem
    Time since last report: 478.6 sec

  • A kernel drop debug filtered for port 2010 shows the following anti-spoofing drops:

    # fw ctl zdebug drop | grep 2010
    ;[cpu_0];[fw4_0];fw_log_drop_conn: Packet dir 1, 10.x.x.y:36460 -> 10.x.x.z:2010 IPP 6, dropped by do_inbound, Reason: Address spoofing;

  • The 'show cluster state' command in the iclid shell indicates there is a Cluster Register problem:

    > show cluster state
    ...
    Cluster Routed Pnote Change History
    Timestamp Routed State Event Description
    [DATE TIME] PROBLEM DR Enabled; Cluster Register [Problem]

  • The routed log (sk92787) shows the following error:

    [DATE TIME] cpcl_slave_connect_complete(4364): connection error Transport endpoint is not connected

Cause

Anti-spoofing on the relevant interface is not configured correctly, and as a result port 2010 traffic used by routed is being dropped.
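
One way to check saved output for this cause, as an added example that is not part of the original article or Check Point tooling: the first function counts anti-spoofing drops whose destination port is exactly 2010 (a plain `grep 2010` cannot guarantee that), and the second reads the routed pnote state. The function names and the sample input are constructed for illustration.

```shell
#!/bin/bash
# Added triage helper, not Check Point code. Both functions read saved command
# output on stdin. Function names are hypothetical.

# Count anti-spoofing drops whose DESTINATION port is exactly 2010, per
# "src -> dst" pair. A plain `grep 2010` also matches source port 2010 or
# any other number containing "2010".
spoof_drops_2010() {
    awk '
        /Reason: Address spoofing/ {
            for (i = 2; i < NF; i++) {
                if ($i != "->") continue
                src = $(i - 1); dst = $(i + 1)
                if (dst !~ /:2010$/) continue
                sub(/:[0-9]+$/, "", src); sub(/:2010$/, "", dst)
                count[src " -> " dst]++
            }
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Print the current state of the pnote named "routed" from `cphaprob -ia list`.
routed_pnote_state() {
    awk '
        /Device Name:/ {
            name = $0
            sub(/^.*Device Name:[ \t]*/, "", name); sub(/[ \t]+$/, "", name)
        }
        /Current state:/ && name == "routed" && !seen++ { print $NF }
    '
}

# Constructed sample input in the format shown above (documentation addresses).
SAMPLE_DROPS=';[cpu_0];[fw4_0];fw_log_drop_conn: Packet dir 1, 192.0.2.1:36460 -> 192.0.2.2:2010 IPP 6, dropped by do_inbound, Reason: Address spoofing;
;[cpu_1];[fw4_1];fw_log_drop_conn: Packet dir 1, 192.0.2.1:36462 -> 192.0.2.2:2010 IPP 6, dropped by do_inbound, Reason: Address spoofing;
;[cpu_0];[fw4_0];fw_log_drop_conn: Packet dir 1, 192.0.2.9:2010 -> 192.0.2.2:443 IPP 6, dropped by do_inbound, Reason: Address spoofing;'
SAMPLE_PNOTES='Device Name: Problem Notification
Current state: problem
Device Name: routed
Registration number: 2
Current state: problem'

printf '%s\n' "$SAMPLE_DROPS" | spoof_drops_2010     # 2 192.0.2.1 -> 192.0.2.2
printf '%s\n' "$SAMPLE_PNOTES" | routed_pnote_state  # problem
```

A non-empty result from the first function together with `problem` from the second matches the symptoms listed above.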

