Jump to content
Welcome to our new Citrix community!

VPX HA Setup - IP Conflict passive node


Luca Ferraro

Recommended Posts

Hi all, 

 

We have a 2 node HA setup and everything is working fine so far. The nodes are setup as 2 arm deployment with an additional dedicated nic for management access. So in total 3 nics.

The nodes didnt have internet access except the VIP from the gatway was reacheable.

 

Since january 2021 i configured OTP push therefore our networking team enabled webaccess for my external SNIP. I think, since then I see the following entries in my syslog:

192.168.1.2 02/01/2021:14:32:52 GMT vpx02 0-PPE-0 : default SNMP TRAP_SENT 0 0 : ipConflict (ipConflictAddr = 192.168.2.1, ipConflictMacAddr = "our:mac:address", nsPartitionName = default)

 

The conflicting mac address is from the hyper v host, on which the standby vpx node is running. On the vpx itself it shows everything right with active/passive.

Also each network adapter is bound to the correct vlan and corresponding subnet ip.

 

 

Here are the networking parts from the vpx config:

 

-------------------------------------------

#NS13.0 Build 67.39
# Last modified Fri Jan 29 11:48:21 2021
set ns config -IPAddress 192.168.5.1 -netmask 255.255.255.0
set ns config -nsvlan 1 -ifnum 0/1 -tagged NO

 

set interface 0/1 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 0/1
set interface 1/1 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 1/1
set interface 1/2 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 1/2
set interface LO/1 -haMonitor OFF -haHeartbeat OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1


add vlan 1
add vlan 2 -aliasName CTXOutside

add vlan 3 -aliasName CTXInside

 

add ns ip 192.168.1.1 255.255.255.0 -type NSIP -vServer DISABLED -gui SECUREONLY -mgmtAccess ENABLED -dynamicRouting ENABLED

 

add ns ip 192.168.2.5 255.255.255.248 -type VIP -snmp DISABLED
add ns ip 192.168.2.1 255.255.255.248 -vServer DISABLED


add ns ip 192.168.3.5 255.255.255.240 -type VIP -snmp DISABLED
add ns ip 192.168.3.1 255.255.255.240 -vServer DISABLED -telnet DISABLED -ftp DISABLED -gui SECUREONLY -snmp DISABLED -mgmtAccess ENABLED




bind vlan 2 -ifnum 1/1
bind vlan 2 -IPAddress 192.168.2.1 255.255.255.240
bind vlan 3 -ifnum 1/2
bind vlan 3 -IPAddress 192.168.3.1 255.255.255.248

----------------------------------------------------------------

The ip's and vlans are changed up.

 

Is this maybe a bug or a missconfiguration on the firewall? 

 

Many thanks and kind regards

 

Luke

 

networking.png

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...