LogFAQs > #975177087

LurkerFAQs, Active DB, DB1, DB2, DB3, DB4, DB5, DB6, DB7, DB8, DB9, DB10, DB11, Database 12 ( 11.2023-? ), Clear

Topic List	Page List: 1
Topic	I found something specific for that weird DHCP issue I've been troubleshooting
CableZL 07/31/23 6:07:12 PM #1:	So 3 of our branch locations have been affected by a DHCP problem after we upgraded the software on our head-end firewalls. It happened while I was on call a few weeks ago, so I'm the one that has to drive the problem to its solution. So we have two data centers... We'll call them DC1 and DC2 We've got a high availability (HA) pair of firewalls in each data center for each of our branch locations to connect to. Each firewall HA pair has two data center switches that it load balances traffic over to send traffic to anything and everything that lives in the data center. DNS servers, DHCP servers, our edge internet firewall, etc. The firewalls in DC1 are load balancing to both data center switches as expected. The firewalls in DC2 are load balancing to both data center switches EXCEPT FOR DHCP RELAY TRAFFIC The firewalls are only sending the traffic to the 2nd data center switch. As far as our data center network team can tell, the packet doesn't go anywhere from there. When I forced the traffic to go to the first data center switch, the DHCP relay traffic worked as expected. Traffic to our DNS servers is load balanced as expected So it's my suspicion now that 1) the firewall is somehow sending a bad packet to the ecore2 switch and 2) we've confirmed that the firewall isn't load balancing DHCP relay traffic properly. Hopefully the vendor can figure out what's wrong. --- https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gif https://i.imgtc.com/vYYIuDx.jpg <cite>CableZL posted [p:975177087] in I found so... [t:80524604]...</cite> <quote>So 3 of our branch locations have been affected by a DHCP problem after we upgraded the software on our head-end firewalls. It happened while I was on call a few weeks ago, so I'm the one that has to drive the problem to its solution. So we have two data centers... We'll call them DC1 and DC2We've got a high availability (HA) pair of firewalls in each data center for each of our branch locations to connect to. Each firewall HA pair has two data center switches that it load balances traffic over to send traffic to anything and everything that lives in the data center. DNS servers, DHCP servers, our edge internet firewall, etc.The firewalls in DC1 are load balancing to both data center switches as expected.The firewalls in DC2 are load balancing to both data center switches EXCEPT FOR DHCP RELAY TRAFFICThe firewalls are only sending the traffic to the 2nd data center switch. As far as our data center network team can tell, the packet doesn't go anywhere from there. When I forced the traffic to go to the first data center switch, the DHCP relay traffic worked as expected. Traffic to our DNS servers is load balanced as expectedSo it's my suspicion now that 1) the firewall is somehow sending a bad packet to the ecore2 switch and 2) we've confirmed that the firewall isn't load balancing DHCP relay traffic properly. Hopefully the vendor can figure out what's wrong. --- https://i.imgtc.com/d9Fc4Qq.gif https://i.imgtc.com/BKHTxYq.gifhttps://i.imgtc.com/vYYIuDx.jpg</quote> ... Copied to Clipboard!
Topic List	Page List: 1