# cphaprob state
Cluster Mode: High Availability (Active Up) with IGMP Membership
Number Unique Address Assigned Load State
1 (local) 10.x.x.y 100% Active
2 10.x.x.z 0% Down
The routed pnote is in a problem state:
# cphaprob -ia list
Built-in Devices:
Device Name: Problem Notification
Current state: problem
Registered Devices:
...
Device Name: routed
Registration number: 2
Timeout: none
Current state: problem
Time since last report: 478.6 sec
Kernel Drop debug with filtering for port 2010 shows the following anti-spoofing drops: # fw ctl zdebug drop | grep 2010
;[cpu_0];[fw4_0];fw_log_drop_conn: Packet dir 1, 10.x.x.y:36460 -> 10.x.x.z:2010 IPP 6, dropped by do_inbound, Reason: Address spoofing;
The 'show cluster state' command in the iclid shell indicates there is a Cluster Register problem: > show cluster state
...
Cluster Routed Pnote Change History
Timestamp Routed State Event Description
[DATE TIME] PROBLEM DR Enabled; Cluster Register [Problem]
The routed log (sk92787) shows the following error: [DATE TIME] cpcl_slave_connect_complete(4364): connection error Transport endpoint is not connected
Cause
Possible reason - Anti-Spoofing on the relevant interface is not configured correctly. As a result, the RouteD traffic over the TCP port 2010 is dropped.