Wednesday, October 29, 2014

Checkpoint HA and Linux ping

======= ping from Mkdata fw 1

[Expert@HKDC-MDFW01]# ifconfig et2
et2: error fetching interface information: Device not found
[Expert@HKDC-MDFW01]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:11:0A:5C:9C:42
          inet addr:10.64.47.2  Bcast:10.64.47.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2765092474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1641068850 errors:121688095 dropped:0 overruns:0 carrier:121688095
          collisions:264179110 txqueuelen:100
          RX bytes:4254983326 (4057.8 Mb)  TX bytes:385093500 (367.2 Mb)
          Base address:0x5000 Memory:fdfe0000-fe000000

From 10.64.47.33 icmp_seq=33 Destination Host Unreachable
[Expert@HKDC-MDFW01]# ping 192.168.7.20
PING 192.168.7.20 (192.168.7.20) 56(84) bytes of data.
From 10.64.47.33 icmp_seq=0 Destination Host Unreachable

--- 192.168.7.20 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
, pipe 2

[HKDC-MDFW01]# cphaprob state

Cluster Mode:   Load Sharing (Unicast)

Number     Unique Address  Assigned Load   State

1 (local)  172.29.1.2      30%             Active       (pivot)
2          172.29.1.3      70%             Active


======= but received the reply at fw 2

[Expert@HKDC-MDFW02]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:11:0A:5D:03:68
          inet addr:10.64.47.3  Bcast:10.64.47.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:451092050 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2584982750 errors:4759498 dropped:0 overruns:0 carrier:4759498
          collisions:43777881 txqueuelen:100
          RX bytes:3569653811 (3404.2 Mb)  TX bytes:4193433553 (3999.1 Mb)
          Base address:0x5000 Memory:fdfe0000-fe000000

[Expert@HKDC-MDFW02]# fw monitor -e 'accept icmp and host(10.64.47.33);'
 monitor: getting filter (from command line)
 monitor: compiling
monitorfilter:
Compiled OK.
 monitor: loading
 monitor: monitoring (control-C to stop)
eth2:i[56]: 10.64.47.33 -> 10.64.47.1 (ICMP) len=56 id=17086
ICMP: type=3 code=1 unreachable (host)
      10.64.47.1 -> 192.168.7.20 (ICMP: t=8 c=0) ipid=217
eth2:I[56]: 10.64.47.33 -> 10.64.47.2 (ICMP) len=56 id=17086
ICMP: type=3 code=1 unreachable (host)
      10.64.47.2 -> 192.168.7.20 (ICMP: t=8 c=0) ipid=217
 monitor: caught sig 2
 monitor: unloading
[Expert@HKDC-MDFW02]#

======= conclusion
Even Linux-level traffic is HA'ed by Checkpoint.
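
The two fw monitor entries captured on HKDC-MDFW02 carry the same IP id (17086) but different destination addresses at the pre-inbound (i) and post-inbound (I) inspection points. The following added example (not part of the original post; the function names are illustrative) parses fw monitor text output and pairs i and I entries to report which addresses changed, using the capture lines above as embedded sample input.

```python
import re

# Constructed sample input: the fw monitor lines from the HKDC-MDFW02 capture above.
SAMPLE = """\
eth2:i[56]: 10.64.47.33 -> 10.64.47.1 (ICMP) len=56 id=17086
ICMP: type=3 code=1 unreachable (host)
      10.64.47.1 -> 192.168.7.20 (ICMP: t=8 c=0) ipid=217
eth2:I[56]: 10.64.47.33 -> 10.64.47.2 (ICMP) len=56 id=17086
ICMP: type=3 code=1 unreachable (host)
      10.64.47.2 -> 192.168.7.20 (ICMP: t=8 c=0) ipid=217
"""

# Outer header line: interface, inspection point, addresses, IP id.
HEADER = re.compile(r"^(?P<ifc>\S+?):(?P<pt>[iIoO])\[\d+\]: "
                    r"(?P<src>\S+) -> (?P<dst>\S+) \(\w+\) len=\d+ id=(?P<id>\d+)")
# Indented line: the original packet quoted inside the ICMP error.
INNER = re.compile(r"^\s+(?P<src>\S+) -> (?P<dst>\S+) \(ICMP: t=\d+ c=\d+\) ipid=\d+")

def parse(text):
    """Return one dict per captured packet, with the quoted inner source attached."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append({**m.groupdict(), "inner_src": None})
        elif packets and (m := INNER.match(line)):
            packets[-1]["inner_src"] = m["src"]
    return packets

def inbound_rewrites(packets):
    """Pair pre-inbound (i) and post-inbound (I) entries by interface and IP id."""
    pre = {(p["ifc"], p["id"]): p for p in packets if p["pt"] == "i"}
    changes = []
    for post in (p for p in packets if p["pt"] == "I"):
        before = pre.get((post["ifc"], post["id"]))
        if before and (before["dst"], before["inner_src"]) != (post["dst"], post["inner_src"]):
            changes.append({"id": post["id"],
                            "outer_dst": (before["dst"], post["dst"]),
                            "inner_src": (before["inner_src"], post["inner_src"])})
    return changes

if __name__ == "__main__":
    for c in inbound_rewrites(parse(SAMPLE)):
        print(f"id={c['id']} outer dst {c['outer_dst'][0]} -> {c['outer_dst'][1]}, "
              f"quoted src {c['inner_src'][0]} -> {c['inner_src'][1]}")
```

On this capture it reports that both the outer destination and the quoted source changed from 10.64.47.1 to 10.64.47.2 between i and I on HKDC-MDFW02.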