Reset Search



KB21297 - Both members of an Active-Passive cluster report that the partner PCS has the VIP address

« Go Back


Last Modified Date8/18/2015 12:25 AM

This article highlights the scenarios where this issue is seen and decribes what logs to collect to troubleshoot such issues. Each node will be able to ping  the other, but the VIPs will not respond to the ping.

Problem or Goal

An PCS Active-Passive cluster is configured with the internal VIP. Logging into PCS1 (, it reports that the VIP is on the partner PCS2 (

Logging into PCS2, it reports that PCS1 has the Internal VIP:


Possible Causes :

  • Another device/host's MAC address is replying to the ARP broadcast for the cluster's external VIP or internal VIP, which is making each node to interpret that the other node owns the VIPs.

  • The VPN Tunnel Server IP Address under Network Settings--->VPN Tunneling is configured to be an IP which is the same as the cluster VIP, external and internal physical IP, internal interface virtual port IP.
  • Another possible cause is that a device on the subnet is misconfigured to Proxy ARP for the VIP address.  Refer to for a description of the legitimate usage of Proxy ARP.


  1. Enable TCP Sniffing from the external and internal port (two arm configuration) and from the internal port (one arm configuration).Then execute ping and ARP commands from both nodes to the cluster Internal VIP. After a couple of minutes, stop the TCP sniffing from both nodes.

    Then filter the TCP dump with filter arp and check if any other host is reponding to the ARP request for the cluster external and internal VIP.

    If it is the case where another host's MAC address is replying to the ARP broadcast for the cluster's external VIP and cluster internal VIP, check on the network which hosts that MAC address and change the IP of that host to some other IP than the cluster's external and internal VIP.

  2. Make sure that the VPN Tunnel Server IP Address is not any IP configured on the Juniper device for Virtual ports, VLAN IP's,physical IP's and VIP IP's.

  3. Proxy arp is not supported. It will break clustering. It must be disabled on the interfaces the PCS connects to.

If 1, 2 and 3 do not work and the issue persists, please collect the following logs and open a case with a Juniper Networks technical support representative:

  • TCP dump from both nodes on both external and internal interfaces (for a two arm setup) and from internal interface (for a single arm setup)

  • System snapshot with debug logging enabled with event code DSNet, dsnetd at log level 10 and size 30 from both Nodes

  • User access, event and admin access logs from both Nodes

To enable debug logging, navigate to troubleshooting--->monitoring--->debug log and set debug logging on and enter event code as DSNet, dsnetd at log level 10 and size 30 and save changes. After replicating the issue, take an admin generated system snapshot with options include debug log and include system config checked.

Note: Turn off the debug logging after the debug log is taken.

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255