Flash systems only have 2 mac addresses. Either mac address can host cluster IP. Hosting is dependent on the which canister is the config node.
Flash 900 and 840 system hosts IP address on either mac address. Depending on which node is the config node will determine which mac address is hosting the cluster IP address.
There are situations where a system fail over occurs and the cluster IP changes mac addresses, the customer will state they can no longer access the cluster GUI.
The customer's network may not allow the ARP broad cast that occurs after a fail over or have the ARP table refresh set for a longer period of time.
Also, if the customer has a high security network, port security may be enabled to only allow certain mac addresses to host ip address combinations. The CU network will need to allow the mac addresses to host the cluster IP on either mac addresses.
In order for two hosts to communicate, the logical IPv4 address must be resolved to the physical address of the network adapter card (MAC address). This is done by ARP.
When a node fails over to the other node an ARP broadcast takes place announcing the new mac address for the IP address. In some switch configurations this update may be limited or delayed for security purposes. In some cases a switch configuration will prevent a cluster IP from switching ports. Mac address filtering on a port by port basis may restrict the mac address from hosting the new ip.
Below is an example of the Ethernet trc output file. You can see the IP address binding to config mac address.
To check the mac address you can look in the Ethernet trace file or lsportip:
Trouble shooting this issue:
Check IP address
Can you get to cluster via the canister IP ?
Is there network switch security ?
When trouble shooting cluster fail over issue. Keep in mind the basic networking trouble shooting
What is the address ? (we have seen cases where the cu was trying to get to an address on the company network but the class C address was on the local network not the remote network)
Dynamic ARP inspection.
Figure out the which canister is the config node. You can then connect to the cluster GUI via that IP address.
http://canister_ip/service - will get you to the SAT
http://canister_ip - this will get you to the cluster GUI on the config node.
If you can pull up the cluster GUI with this method, chances are good that the cu has a network issue.
There are switch security settings and ARP broad cast limiting switch setting that will not allow a smooth transitions to the other canister hosting the GUI in a fail over situation.
If the customer is getting some sort of JAVA or browser error. Confirm that he is routed to the correct IP. With Network Address translation you might be trying to access an IP address on the local network as apposed to the remote network.
12 December 2019