1. Enable TCP sniffing from the external and internal ports (two-arm configuration) and from the internal port (one-arm configuration). Then execute ping and ARP commands from both nodes to the cluster internal VIP. After a couple of minutes, stop the TCP sniffing on both nodes. Then filter the TCP dump with the filter arp and check whether any other host is responding to the ARP requests for the cluster external and internal VIP. If another host's MAC address is replying to the ARP broadcast for the cluster's external VIP and internal VIP, find which host on the network owns that MAC address and change that host's IP to an address other than the cluster's external and internal VIP.
2. Make sure that the VPN Tunnel Server IP Address is not any IP configured on the Juniper device for virtual ports, VLAN IPs, physical IPs and VIP IPs.
3. Proxy ARP is not supported. It will break clustering. It must be disabled on the interfaces the PCS connects to.
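
The ARP check described in the first item above can be scripted against the saved capture. The following is an added example, not part of the original article or any Juniper tooling: it lists every MAC address that sent an ARP reply claiming a VIP and reports the ones you did not expect. It assumes a classic pcap file with Ethernet framing; the VIP 192.0.2.10, the MAC addresses and the helper names are constructed for illustration, and expected_macs stands for the MACs you know belong to the cluster nodes.

```python
import struct
from collections import defaultdict

def arp_repliers(pcap, vips):
    """Return {vip: set of MACs that sent ARP replies claiming that IP}."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    seen, off = defaultdict(set), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # 14-byte Ethernet header, EtherType 0x0806 = ARP (VLAN-tagged frames are skipped)
        if len(frame) < 42 or frame[12:14] != b"\x08\x06":
            continue
        htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
        if (htype, ptype, hlen, plen, oper) != (1, 0x0800, 6, 4, 2):
            continue  # keep only IPv4-over-Ethernet ARP replies (opcode 2)
        sender_mac = frame[22:28].hex(":")
        sender_ip = ".".join(str(b) for b in frame[28:32])
        if sender_ip in vips:
            seen[sender_ip].add(sender_mac)
    return dict(seen)

def conflicts(seen, expected_macs):
    """Return {vip: unexpected MACs}; empty when only expected MACs answered."""
    return {ip: macs - expected_macs for ip, macs in seen.items() if macs - expected_macs}

def _reply(mac, ip):
    """Build one constructed pcap record holding an ARP reply from mac for ip."""
    m, a = bytes.fromhex(mac.replace(":", "")), bytes(int(x) for x in ip.split("."))
    frame = (b"\xff" * 6 + m + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
             + m + a + b"\x00" * 6 + a)
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture: the cluster node and a stray host both answer for the VIP.
VIP, NODE_MAC, STRAY_MAC = "192.0.2.10", "02:00:00:00:00:01", "02:00:00:00:00:99"
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _reply(NODE_MAC, VIP) + _reply(STRAY_MAC, VIP)
          + _reply("02:00:00:00:00:05", "192.0.2.77"))

if __name__ == "__main__":
    for ip, macs in conflicts(arp_repliers(SAMPLE, {VIP}), {NODE_MAC}).items():
        print(f"{ip}: unexpected ARP replies from {sorted(macs)}")
```

To use it on a real capture, read the file in binary mode and pass its bytes in place of SAMPLE, with the cluster's external and internal VIPs as the vips set.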
If 1, 2 and 3 do not work and the issue persists, please collect the following logs and open a case with a Juniper Networks technical support representative:
- TCP dump from both nodes on both external and internal interfaces (for a two-arm setup) and from the internal interface (for a single-arm setup)
- System snapshot with debug logging enabled with event code DSNet, dsnetd at log level 10 and size 30 from both nodes
- User access, event and admin access logs from both nodes
To enable debug logging, navigate to Troubleshooting > Monitoring > Debug Log, set debug logging on, enter the event code as DSNet, dsnetd at log level 10 and size 30, and save changes. After replicating the issue, take an admin-generated system snapshot with the options "include debug log" and "include system config" checked.
Note: Turn off the debug logging after the debug log is taken.