[IAG] Packet loss when the Core Switch pings the front-end firewall LAN port address, but pinging is normal when the IAG is switched off
Problem Description
Topology environment: terminal – Core Switch (Layer 3) – IAG (bridge) – firewall (route)
Problem phenomenon: When the Core Switch pings the LAN port address of the front-end firewall, packet loss occurs. After the IAG is disconnected, the core pings the LAN port address of the front-end firewall and it works normally.
Process
- After the source and destination addresses of the ping were set to pass through and globally excluded on the IAG, packet loss still occurred when the core pinged the firewall LAN port. At the same time, the packet capture tool on the IAG web console was used to capture the packets of the core pinging the firewall LAN port address on the IAG's LAN port and WAN port. Analysis showed that there was no packet loss in the captures.

- However, the ping record on the core shows that there is still packet loss.

- After checking the switch interface information, it was found that there was a record of packet loss at the Core Switch port, and the packet loss value was increasing.
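
The comparison made in the steps above (the ping record on the core against the captures on the IAG's LAN and WAN ports) can be carried out per ICMP sequence number to show which segment dropped each packet. The following Python is an added example, not part of the original case or of any Sangfor tool; the function names, segment labels and sample sequence numbers are constructed for illustration.

```python
# Added example: localize ICMP echo loss on core -> IAG (bridge) -> firewall.
# Segment labels are hypothetical names chosen for this example.
LINK_REQ = "core -> IAG LAN port link (request lost)"
IAG_REQ = "inside IAG (request not forwarded LAN -> WAN)"
UPSTREAM = "beyond IAG WAN port (no reply from firewall side)"
IAG_REP = "inside IAG (reply not forwarded WAN -> LAN)"
LINK_REP = "IAG LAN port -> core link (reply lost)"


def localize_loss(sent, received, lan_cap, wan_cap):
    """Map each lost ICMP sequence number to the segment that dropped it.

    sent / received: sets of sequence numbers from the ping record on the core.
    lan_cap / wan_cap: dicts with 'request' and 'reply' sets of sequence
    numbers seen in the captures on the IAG LAN and WAN ports.
    """
    verdicts = {}
    for seq in sorted(sent - received):
        if seq not in lan_cap["request"]:
            verdicts[seq] = LINK_REQ   # never arrived at the bridge
        elif seq not in wan_cap["request"]:
            verdicts[seq] = IAG_REQ    # entered the bridge, never left it
        elif seq not in wan_cap["reply"]:
            verdicts[seq] = UPSTREAM   # firewall side did not answer
        elif seq not in lan_cap["reply"]:
            verdicts[seq] = IAG_REP    # reply entered the bridge, never left it
        else:
            verdicts[seq] = LINK_REP   # bridge sent the reply, core never got it
    return verdicts


def iag_is_dropping(verdicts):
    """True if any lost packet was dropped by the IAG itself."""
    return any(v in (IAG_REQ, IAG_REP) for v in verdicts.values())


def sample_case():
    """Constructed data mirroring this case: captures look clean, core sees loss."""
    sent = set(range(1, 21))
    received = sent - {4, 9, 15}       # ping record on the core
    seen_by_iag = sent - {9}           # seq 9 never reached the IAG at all
    lan = {"request": seen_by_iag, "reply": seen_by_iag}
    wan = {"request": seen_by_iag, "reply": seen_by_iag}
    return localize_loss(sent, received, lan, wan)


if __name__ == "__main__":
    for seq, where in sample_case().items():
        print(f"icmp_seq={seq}: {where}")
```

A capture in which every request has a matching reply can still hide requests that never reached the IAG, which is why the sequence numbers are compared against the sender's record and not only within the capture.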
Solution
The root cause was packet loss at the network port connecting the Core Switch and IAG. The problem was solved after the user was advised to replace the network port connecting the Core Switch and IAG.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=22&type=1&category_id=7223&isOpen=true