Critical Device "routed" reports its state as "problem" and ClusterXL member is down

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk131352
Technical Level
Product	ClusterXL
Version	R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40, R81, R81.10, R81.20
OS	Gaia
Platform / Model	All
Date Created	12-Jul-2018
Last Modified	24-Nov-2022

Symptoms

A Cluster member is down, with a similar output:

# cphaprob state

Cluster Mode:   High Availability (Active Up) with IGMP Membership

Number     Unique Address  Assigned Load   State

1 (local)  10.x.x.y       100%         Active
2          10.x.x.z       0%           Down

The routed pnote is in a problem state:

# cphaprob -ia list

Built-in Devices:

Device Name: Problem Notification
Current state: problem

Registered Devices:
...
Device Name: routed
Registration number: 2
Timeout: none
Current state: problem
Time since last report: 478.6 sec

Kernel Drop debug with filtering for port 2010 shows the following anti-spoofing drops:
# fw ctl zdebug drop | grep 2010 ;[cpu_0];[fw4_0];fw_log_drop_conn: Packet dir 1, 10.x.x.y:36460 -> 10.x.x.z:2010 IPP 6, dropped by do_inbound, Reason: Address spoofing;
The 'show cluster state' command in the iclid shell indicates there is a Cluster Register problem:
> show cluster state ... Cluster Routed Pnote Change History Timestamp Routed State Event Description [DATE TIME] PROBLEM DR Enabled; Cluster Register [Problem]
The routed log (sk92787) shows the following error:
[DATE TIME] cpcl_slave_connect_complete(4364): connection error Transport endpoint is not connected

Cause

Possible reason - Anti-Spoofing on the relevant interface is not configured correctly. As a result, the RouteD traffic over the TCP port 2010 is dropped.

Solution

Note: To view this solution you need to Sign In .