NLB Host Unreachable

Hi All,
Our SharePoint 2010 environment is using Microsoft NLB to cluster its front end web servers.
Yesterday, one of our active directory domain controllers was demoted and the server rebooted, this server also acts as one of our DNS servers. When it was rebooted, our SharePoint environment became unavailable; Users were getting prompted
with an authentication box. Looking into it further there is a Host Unreachable error between the 2 load balancers. After about 20mins the domain controller was promoted again, server rebooted and everything became available again.
Can anyone shed any light on why this may have occurred. Is it simply that the load balancers lost the DNS and the ability to talk to each other. If so why did it not use the secondary DNS server configured in windows and remain alive?
Or does the issue lie with the domain controller being demoted?
Any help appreciated.
Cammie

Hi,
I am not very similar the SharePoint, but it seems is the client use the FQDN to access the SharePoint resource, but when your DC demote the DNS have some issue. Please try
to ping the NLB virtual IP to see it reachable or not.
If at any point the DNS Client service receives a negative response from a server, it removes every server on that adapter from consideration during this search. For example,
if in step 2, the first server on Alternate Adapter A gave a negative response, the DNS Client service would not send the query to any other server on the list for Alternate Adapter A.
The related KB:
DNS Processes and Interactions
http://technet.microsoft.com/en-us/library/dd197552(v=ws.10).aspx
Demoting Domain Controllers and Domains (Level 200)
http://technet.microsoft.com/en-us/library/jj574104.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Similar Messages

Host Unreachable intermittently within a Windows Network Load Balancing Cluster

Hi,
We have 2 Windows 2008 R2 servers running multiple IIS web sites and load balanced across Windows Network Load Balancer in unicast mode. Although there are two interfaces in each server, only 1 interface in each server participates in load balancing and
other interface is used for a different backup LAN. The problem I am going to mention was not seen within the NLB for almost 1 year.
I have noticed intermittent "host unreachable" detected from NLB in each host from time to time since 3 weeks ago. After servers are rebooted, both hosts can be reached and can be detected from NLB manager. However it becomes unreachable in both
servers within minutes and then becomes reachable again after several minutes. This behavior is noticed in the load balancer and pings do not work between the two hosts when the issue occurs. I did a packet capture to see what was going on with ARP message
when the issue occurs. ARP entry goes missing in each server when the problem occurs and no ARP replies are returned from each server. But ARP requests are dispatched from both servers when the issue occurs. ARP replies come back after sometime after which
hosts become reachable again.
I tried to create a permanent static ARP entry (By copying the MAC address from ARP table when the two hosts are reachable) in each host but that hasn't solved the issue either. It seems like the individual MAC address generated by each host is a virtual
one and it doesn't seem to respond when the problem occurs.
However load balancing and web sites are fully functional without any issues even while "host unreachability" issue is detected.
Appreciate if someone could help me to dig the real problem out.
Thank you.

Hi,
Did you do some change of your network or the NLB firewall settings recently?
If you are using the NLB cluster in Hyper-V guest vm you need to enable the spoofing of MAC address.
The related article:
Cannot access the virtual or dedicated IP address of an NLB node (Guest) running in Unicast Mode on Windows Server 2008 R2 Hyper-V
http://blogs.technet.com/b/networking/archive/2010/02/12/cannot-access-the-virtual-or-dedicated-ip-address-of-an-nlb-node-guest-running-in-unicast-mode-on-windows-server-2008-r2-hyper-v.aspx
More information:
Selecting the Unicast or Multicast Method of Distributing Incoming Requests
http://technet.microsoft.com/en-us/library/cc782694(v=ws.10).aspx
Single network adapter
http://technet.microsoft.com/en-us/library/cc776178(v=ws.10).aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.

Lenovo W530/W540 Getting Destination host Unreachable from our Firewall

Hey Everyone!
I'm having some bizarre issues with all of my Lenovo W530/W540's. I'm not sure when the issue started, the first time it was reported to me was around March, and it has been persistant since the issue was discovered. The issue is that, quite frequently, our Lenovo W530/W540's will get Destiantion Host Unreachable if I run a continuous ping (ping -t ...) to anything outside our firewall.
I have run a ping to things inside our firewall (other computers/servers, etc.) and they will return good ping until the cows come home.
However, if I try to ping anything outside our firewall (google.com, google DNS 8.8.8.8, yahoo.com, etc.) about every 30 seconds (every 30-35 returns) it starts returning Destitnation Host Unreachable from our Firewall. This will last for around 10-25 returns, and then traffic goes back to normal.
We are a majority Apple Shop, and when I attempt to ping from any Apple on the network, it get fine returns consistently. I also tried pinging from the few non-Lenovo Windows Machines we have as well (my personal machine which is self-built Windows rig, a couple of windows test machines, and a Windows 2008 Server we have) and they also have consistently good returns as well.
It is ONLY the Lenovo's that have this problem. To compound things, they have no issue when they are connected to a different network other than the company network. This ONLY happens when they try to interact with traffic going THROUGH our Firewall on our company network. It happens regardless of whether they hardwired or wireless. Also, during the Destination Host Unreachable moments, Windows does not detect a disruption, it keeps registering good connection. I do not know how often Windows checks for connection, but these Destination Host Unreachable moments are so quick, I'm fairly certain that Windows can't even detect them.
Our Firewall is a Linux CentOS server that is running Shorewall Firewall Software. The Destination Host Unreachable notice is coming from our Firewall directly, not from our ISP, so for some reason, the Lenovo is having a problem talking to our FW.
We currently only have 3 of these machines in circulation, but its having a pretty big impact on those with the machines, as going to a website is even a chore, as they often get "Page Not Found" and other errors when they try to load a website.
I'm a bit stumped, I've never seen a machine act this way where it only has problems on a particular network; usually its a global issue it has with everything. Any and all help would be appreciated.
Thanks!
-Chris

DNS is set to be automatic, though I did try setting a permenent DNS server in the IPv4 settings to our local DNS server AND Google DNS, and the issue still occurred.
The 2 Conflicting firewalls could be it, so I tested that. I logged into the Local Administrator account on the machine so I could temporarily disable the firewall. I disabled it, pinged out, and I still get Destination host unreachable, though weirdly, it seems to happen less than when on the other account (only about every 50-60 pings do I get Destination host Unreachable).

New Install - ICMP Host Unreachable from gateway

Hi team,
I'm configuring a new solaris x86 box for the first time in a long time and I'm running into a problem that has me stumped.
I just installed Solaris 10 v7 on a P4 Dell box with an intel pro1000 adapter loaded.
Installed using ZFS and install went well. I set a static IP of 192.168.1.70 on a proper 192.168.1.x lan.
After install, everything seems to work fine but cannot ping a FQDN such as www.google.com, etc.
at first, I tried to join a local domain - maxximgroup.com and my computer name is set to sunzilla.
Here's my network config files;
sunzilla is set up with static IP = 192.168.1.70
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
e1000g0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.70 netmask ffffff00 broadcast 192.168.1.255
ether 0:1b:21:27:56:2c
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
inet6 ::1/128
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
inet6 fe80::21b:21ff:fe27:562c/10
ether 0:1b:21:27:56:2c
And /etc/hosts shows host name sunzilla associated w/ 192.168.1.70...
# cat /etc/hosts
# Internet host table
::1 localhost
127.0.0.1 localhost
192.168.1.70 sunzilla loghost
And my resolv.conf file shows my internal DNS routers as well as a 3rd I added (4.2.2.2) just in case...
# cat /etc/resolv.conf
domain maxximgroup.com
nameserver 192.168.1.20
nameserver 192.168.1.22
nameserver 4.2.2.2
search maxximgroup.com
I noticed the /etc/defaultrouter file was MISSING... so I created one pointing to my router...
# cat /etc/defaultrouter
192.168.1.1
And finally, I checked the /etc/nsswitch.conf file and it does indeed show hosts & ipnodes --> files & dns ...
# cat /etc/nsswitch.conf
# Copyright 2006 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
# /etc/nsswitch.dns:
# An example file that could be copied over to /etc/nsswitch.conf; it uses
# DNS for hosts lookups, otherwise it does not use any other naming service.
# "hosts:" and "services:" in this file are used only if the
# /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
# DNS service expects that an instance of svc:/network/dns/client be
# enabled and online.
passwd: files
group: files
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts: files dns
# Note that IPv4 addresses are searched for in all of the ipnodes databases
# before searching the hosts databases.
ipnodes: files dns
networks: files
protocols: files
rpc: files
ethers: files
netmasks: files
bootparams: files
publickey: files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup: files
automount: files
aliases: files
services: files
printers: user files
auth_attr: files
prof_attr: files
project: files
tnrhtp: files
tnrhdb: files
I can ping local IP addresses ...
# ping 192.168.1.1
192.168.1.1 is alive
But not external addresses ...
# ping 67.15.211.8
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
ICMP Host Unreachable from gateway sunzilla (192.168.1.70)
for icmp from sunzilla (192.168.1.70) to ns1.siteground168.com (67.15.211.8)
^C#
and naturally, I can ping a FQDN either (confirmed to be pingable on a computer on the same lan) ...
# ping mycloud.local
ping: unknown host mycloud.local
Can anyone provide some guidance pls?

Thanks Robert. You were absolutely on the right track. It turns out that in my "rush" to get my new ZFS "toy" up and running, during the install, I gave Solaris a static address but told it to automatically find the gateway. Oops! When solaris 10 installed, it correctly decided that since it had a static IP, it should assign the gateway as itself! So, naturally, when I ran netstat -m, It showed my gateway as myself! 192.168.1.70 sunzilla.
I'm used to running Solaris on a Sparc platform and I'm a bit uncomfortable with reboots and I figured there would surely be a network restart command somewhere. After finding out that things have now changed in Solaris 10 quite a bit from Solaris 8, I just decided to init 6.
After the system came up, everything was happy : -)
So again, thanks to Robert for helping save the day!

HOST UNREACHABLE - two network cards

We have two ethernet cards. The first has a static
IP address. This is the card that is used for our
internal network. The second card recieves a dynamic
IP address from a DHCP server. The second card is
used to connect our machine to the internet. When we
disable the second card we are able to make a socket
connection and connect to our database. When the
second card is enabled the socket connection fails and
we get a HOST UNREACHABLE ERROR.
What must be configured here ?
Any help would be appreciated.
null

Messy setup IMO, but anyway....
Your faulty resolv.conf is the reason you can't ping google. Edit it manually as required, and then use the -R flag in /etc/conf.d/dhcpcd to prevent it being overwritten. DHCP on both interfaces will probably cause routing issues as well, in which case you will need the -G flag.

From Exchange 5.5, I have problems sending email to iPlanet Messaging Server 5.1 with subdomain. Error result = The recipient was unavailable to take delivery of the message (Host unreachable)

I'd start with the basics, can you ping the iMS machine? Can you telnet to port 25 on the machine? Do these steps from the MSX server.
If those things work, which I suspect they will not based on the text "Host unreachable" in your question then I would put master_debug slave_debug on the channel which the MSX system is arriving, either going to be tcp_local or tcp_intranet. Then look at the resulting log file on the iMS system.
Hope this helps,
Chad

Intermittent "host unreachable resolving..." error

At least once a day (sometimes 2-3 times) our DNS server stops working for about 3-5 minutes. It appears to happen randomly (i.e. always at a different time) and after a few minutes, it goes back to normal.
When the problem occurs, none of the external addresses can be resolved and the DNS logs lots of "host unreachable" entries. Here's a brief sample (I'm showing the instance when the DNS goes from non-responsive to working again):
21-Feb-2011 12:51:18.533 host unreachable resolving 'n.nic.at/AAAA/IN': 2001:628:453:4305::53#53
21-Feb-2011 12:51:19.252 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:dc3::35#53
21-Feb-2011 12:51:20.133 host unreachable resolving 'n.nic.at/AAAA/IN': 2a02:568:20::8#53
21-Feb-2011 12:51:22.912 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:503:c27::2:30#53
21-Feb-2011 12:51:22.912 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:500:1::803f:235#53
21-Feb-2011 12:51:23.116 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2a02:568:20:1::d#53
21-Feb-2011 12:51:23.116 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:67c:1010:12::53#53
21-Feb-2011 12:51:23.117 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:678:d::cafe#53
21-Feb-2011 12:51:25.720 host unreachable resolving 'ns2.nessus.at/AAAA/IN': 2001:628:453:4302::53#53
21-Feb-2011 12:51:26.556 success resolving 'n.nic.at/AAAA' (in 'nic.at'?) after disabling EDNS
21-Feb-2011 12:51:30.613 host unreachable resolving 'ns5.univie.ac.at/AAAA/IN': 2001:62a:4:303::53#53
21-Feb-2011 12:51:30.623 success resolving 'ns5.univie.ac.at/AAAA' (in 'univie.ac.at'?) after disabling EDNS
21-Feb-2011 12:51:31.776 host unreachable resolving 'kropka.www.tokfm.pl/A/IN': 2001:6d8:0:1::a:6#53
21-Feb-2011 12:51:34.505 success resolving 'ns2.nessus.at/AAAA' (in 'nessus.at'?) after reducing the advertised EDNS UDP packet size to 512 octets
Any suggestions as to what could be the cause of this? At any other time the DNS appears to be working correctly.

This question was answered by Mr. Hoffman in another threat. It appears that the problem was related to a faulty AEBS router. Replacing it with another box "fixed" the issue.

ICMP Host Unreachable from gateway localhost (127.0.0.1)

I had a functional zone. But we had an outage and for some reason one of my zones is unreachable. Looks like the problem is that the default route has changed. How can I add a default route to a zone?
Thanks
Manish
--- global zone ---
-bash-3.00# zoneadm list -iv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
2 www running /export/zones/www native shared
4 java running /export/zones/java native shared
--- zone java ---
-bash-3.00# ping 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
ICMP Host Unreachable from gateway localhost (127.0.0.1)
for icmp from localhost (127.0.0.1) to 131.247.16.130
-bash-3.00# ifconfig -a
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
bge0:3: flags=4001000842<BROADCAST,RUNNING,MULTICAST,IPv4,DUPLICATE> mtu 1500 index 2
inet 131.247.16.149 netmask ffffff80 broadcast 131.247.16.255
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
127.0.0.1 127.0.0.1 UH 4 61 lo0:1
-bash-3.00# route add default 131.247.16.254
add net default: gateway 131.247.16.254: insufficient privileges
--- zone www ---
-bash-3.00# netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
default 131.247.16.254 UG 1 47
131.247.16.128 131.247.16.131 U 1 13 bge0:2
224.0.0.0 131.247.16.131 U 1 0 bge0:2
127.0.0.1 127.0.0.1 UH 4 108 lo0:2

ifconfig -a will show when you have a duplicated IP address.
It appears along with the text values for the interface flags ie
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
You would see DUPLICATE or DUPLICATED in that field, and the flags would be different. Sorry, I don't have a duplicate IP situation going on right now, but my memory says it looked something like this:
host-u010|global$ ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index
1
inet 127.0.0.1 netmask ff000000
bge0: flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,DUPLICATE> m
tu 1500 index 2
inet 10.236.93.156 netmask ffffffc0 broadcast 192.168.93.191
groupname data
host-u010|global$
Cheers,

CUPS 8.6.1 on VMware Workstation 7.1.2 - After reboot of host, CUPS is unreachable

Hi,
after installing CUPS 8.6.1.10000-34 in VMware Workstation 7.1.2 build-301548 and eventually rebooting the host, CUPS is not reachable via IP anymore, i.e. ping from physical NIC of the host to virtual NIC of the CUPS VM fails (Destination Host Unreachable). This also applies vice versa, as well as to HTTP/HTTPS, SSH traffic, etc.
Before the reboot of the host, there were no issues. The reboot had to be done, due to system updates.
The suprising fact is, that the CUPS can ping the CUCM (8.6.2.20000-2, also running on the same host and VMware Workstation), but no other machine.
In order to disqualify firewall issues, I turned off the host's firewall, as well as the iptables firewall of the CUPS. However the issue still persisted.
Did anyone run in the same problem? So far the only solution was to reinstall CUPS and not to turn off the host...which is not really acceptable, even in a test environment.
Thanks a lot in advance for your help!
Kind regards
Igor Lukic

The usual problem is that the Cisco OS comes with the WMware drivers for ESXi and not Workstation. As a result the NIC does not come up correctly. Anything that takes down the NIC and brings it up again (such as changing the gateway address) will work until the next time you reboot.
Update the WMware driver in your CUPS
With the CUPS running in WMware use VM/Install WMware tools.
Then on the CLI of CUPS enter: utils vmtools upgrade
You can also check which versions of the WMware driver is installed with: utils vmtools status
Graham

Suppress database/listener/agent unreachable if host unavailable

Hi,
When a host becomes unavailable due to network issues we receive a deluge of agent/database/listener/host unreachable notifications. Is there a clean way to make sure that when a host is unreachable via ping for example other unreachable target notifications are suppressed?
Thanks for any help in advance
Phil
Edited by: user10912727 on 11-Apr-2011 04:01
Edited by: user10912727 on 11-Apr-2011 04:02

Hi Rob,
Thanks for taking the time to reply. Shame these is no way of doing this but I understand why.
Regards
Phil

MS NLB with ASA and Static NAT from PUP to NLB IP

Hi all,
I am trying to get MS NLB up and running. It is almost all working. Below is my physical setup.
ASA 5510 > Cat 3750X >2x ESXi 5.1 Hosts > vSwitch > Windows 2012 NLB Guest VMs.
I have two VMs runing on two different ESXi hosts. They have two vNICs. One for managment and one for inside puplic subnet. The inside puplic subnet NICs are in the NLB cluster. The inside public subnet is NATed on the ASA to a outide public IP.
192.168.0.50 is the 1st VM
192.168.0.51 is the 2nd VM
192.168.0.52 is the cluster IP for heartbeat
192.168.0.53 is the cluster IP for NLB traffic.
0100.5e7f.0035 is the cluster MAC.
The NLB cluster is using MULTICAST
I have read the doumentation for both the ASA and CAT switch for adding a static ARP using the NLB IP and NLB MAC.
For the ASA I found
http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1226249
ASDM
Configuration > Device Management > Advanced > ARP > ARP Static Table
I was able to add my stic ARP just fine.
However, the next step was to enable ARP inspection.
Configuration > Device Management > Advanced > ARP > ARP Inspection
My ASDM does not list ARP Inspection, only has the ARP Static Table area. Not sure about this.
For the CAT Switch I found
http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
I added the both the ARP and Static MAC. For the static MAC I used the VLAN ID of the inside public subnet and the interfaces connected to both ESXi hosts.
On the ASA I added a static NAT for my outside Public IP to my inside pupblic NLB IP and vise versa. I then added a DNS entry for our domain to point to the outside public IP. I also added it to the public servers section allowing all IP traffic testing puproses.
At any rate the MS NLB is working ok. I can ping both the Public IP and the Inside NLB IP just fine from the outside. (I can ping the inside NLB IP becuase I'm on a VPN with access to my inside subnets) The problem is when I go to access a webpade from my NLB servers using the DNS or the Public IP I get a "This Page Can't Be Displyed" messgae. Now while on the VPN if I use the same URL but insied use the NLB IP and not the Public IP it works fine.
So I think there is soemthing wrong with the NATing of the Public to NLB IP even tho I can ping it fine. Below is my ASA Config. I have bolded the parts of Interest.
Result of the command: "show run"
: Saved
ASA Version 8.4(4)9
hostname MP-ASA-1
enable password ac3wyUYtitklff6l encrypted
passwd ac3wyUYtitklff6l encrypted
names
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address 198.XX.XX.82 255.255.255.240
interface Ethernet0/1
description Root Inside Interface No Vlan
speed 1000
duplex full
nameif Port-1-GI-Inside-Native
security-level 100
ip address 10.1.1.1 255.255.255.0
interface Ethernet0/1.2
description Managment LAN 1 for Inside Networks
vlan 2
nameif MGMT-1
security-level 100
ip address 192.168.180.1 255.255.255.0
interface Ethernet0/1.3
description Managment LAN 2 for Inside Networks
vlan 3
nameif MGMT-2
security-level 100
ip address 192.168.181.1 255.255.255.0
interface Ethernet0/1.100
description Development Pubilc Network 1
vlan 100
nameif DEV-PUB-1
security-level 50
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/1.101
description Development Pubilc Network 2
vlan 101
nameif DEV-PUB-2
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/1.102
description Suncor Pubilc Network 1
vlan 102
nameif SUNCOR-PUB-1
security-level 49
ip address 192.168.3.1 255.255.255.0
interface Ethernet0/1.103
description Suncor Pubilc Network 2
vlan 103
nameif SUNCOR-PUB-2
security-level 49
ip address 192.168.4.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa844-9-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Inside-Native-Network-PNAT
subnet 10.1.1.0 255.255.255.0
description Root Inisde Native Interface Network with PNAT
object network ASA-Outside-IP
host 198.XX.XX.82
description The primary IP of the ASA
object network Inside-Native-Network
subnet 10.1.1.0 255.255.255.0
description Root Inisde Native Interface Network
object network VPN-POOL-PNAT
subnet 192.168.100.0 255.255.255.0
description VPN Pool NAT for Inside
object network DEV-PUP-1-Network
subnet 192.168.0.0 255.255.255.0
description DEV-PUP-1 Network
object network DEV-PUP-2-Network
subnet 192.168.2.0 255.255.255.0
description DEV-PUP-2 Network
object network MGMT-1-Network
subnet 192.168.180.0 255.255.255.0
description MGMT-1 Network
object network MGMT-2-Network
subnet 192.168.181.0 255.255.255.0
description MGMT-2 Network
object network SUNCOR-PUP-1-Network
subnet 192.168.3.0 255.255.255.0
description SUNCOR-PUP-1 Network
object network SUNCOR-PUP-2-Network
subnet 192.168.4.0 255.255.255.0
description SUNCOR-PUP-2 Network
object network DEV-PUB-1-Network-PNAT
subnet 192.168.0.0 255.255.255.0
description DEV-PUB-1-Network with PNAT
object network DEV-PUB-2-Network-PNAT
subnet 192.168.2.0 255.255.255.0
description DEV-PUB-2-Network with PNAT
object network MGMT-1-Network-PNAT
subnet 192.168.180.0 255.255.255.0
description MGMT-1-Network with PNAT
object network MGMT-2-Network-PNAT
subnet 192.168.181.0 255.255.255.0
description MGMT-2-Network with PNAT
object network SUNCOR-PUB-1-Network-PNAT
subnet 192.168.3.0 255.255.255.0
description SUNCOR-PUB-1-Network with PNAT
object network SUNCOR-PUB-2-Network-PNAT
subnet 192.168.4.0 255.255.255.0
description SUNCOR-PUB-2-Network with PNAT
object network DEV-APP-1-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network DEV-APP-2-SNAT
host 192.168.2.120
description DEV-APP-2 Server with SNAT
object network DEV-APP-2-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network DEV-SQL-1
host 192.168.0.110
description DEV-SQL-1 Inside Server IP
object network DEV-SQL-2
host 192.168.2.110
description DEV-SQL-2 Inside Server IP
object network SUCNOR-APP-1-PUB
host 198.XX.XX.XX
description SUNCOR-APP-1 Public Server IP
object network SUNCOR-APP-2-SNAT
host 192.168.4.120
description SUNCOR-APP-2 Server with SNAT
object network SUNCOR-APP-2-PUB
host 198.XX.XX.XX
description DEV-APP-2 Public Server IP
object network SUNCOR-SQL-1
host 192.168.3.110
description SUNCOR-SQL-1 Inside Server IP
object network SUNCOR-SQL-2
host 192.168.4.110
description SUNCOR-SQL-2 Inside Server IP
object network DEV-APP-1-SNAT
host 192.168.0.120
description DEV-APP-1 Network with SNAT
object network SUNCOR-APP-1-SNAT
host 192.168.3.120
description SUNCOR-APP-1 Network with SNAT
object network PDX-LAN
subnet 192.168.1.0 255.255.255.0
description PDX-LAN for S2S VPN
object network PDX-Sonicwall
host XX.XX.XX.XX
object network LOGI-NLB--SNAT
host 192.168.0.53
description Logi NLB with SNAT
object network LOGI-PUP-IP
host 198.XX.XX.87
description Public IP of LOGI server for NLB
object network LOGI-NLB-IP
host 192.168.0.53
description LOGI NLB IP
object network LOGI-PUP-SNAT-NLB
host 198.XX.XX.87
description LOGI Pup with SNAT to NLB
object-group network vpn-inside
description All inside accessible networks
object-group network VPN-Inside-Networks
description All Inside Nets for Remote VPN Access
network-object object Inside-Native-Network
network-object object DEV-PUP-1-Network
network-object object DEV-PUP-2-Network
network-object object MGMT-1-Network
network-object object MGMT-2-Network
network-object object SUNCOR-PUP-1-Network
network-object object SUNCOR-PUP-2-Network
access-list acl-vpnclinet extended permit ip object-group VPN-Inside-Networks any
access-list outside_access_out remark Block ping to out networks
access-list outside_access_out extended deny icmp any any inactive
access-list outside_access_out remark Allow all traffic from inside to outside networks
access-list outside_access_out extended permit ip any any
access-list outside_access extended permit ip any object LOGI-NLB--SNAT
access-list outside_access extended permit ip any object SUNCOR-APP-2-SNAT
access-list outside_access extended permit ip any object SUNCOR-APP-1-SNAT
access-list outside_access extended permit ip any object DEV-APP-2-SNAT
access-list outside_access extended permit ip any object DEV-APP-1-SNAT
access-list outside_cryptomap extended permit ip object-group VPN-Inside-Networks object PDX-LAN
pager lines 24
logging asdm informational
mtu outside 1500
mtu Port-1-GI-Inside-Native 1500
mtu MGMT-1 1500
mtu MGMT-2 1500
mtu DEV-PUB-1 1500
mtu DEV-PUB-2 1500
mtu SUNCOR-PUB-1 1500
mtu SUNCOR-PUB-2 1500
mtu management 1500
ip local pool Remote-VPN-Pool 192.168.100.1-192.168.100.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any Port-1-GI-Inside-Native
icmp permit any MGMT-1
icmp permit any MGMT-2
icmp permit any DEV-PUB-1
icmp permit any DEV-PUB-2
icmp permit any SUNCOR-PUB-1
icmp permit any SUNCOR-PUB-2
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp DEV-PUB-1 192.168.0.53 0100.5e7f.0035 alias
arp timeout 14400
no arp permit-nonconnected
nat (Port-1-GI-Inside-Native,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (MGMT-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (MGMT-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (SUNCOR-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (SUNCOR-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
nat (DEV-PUB-1,outside) source static DEV-PUP-1-Network DEV-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (DEV-PUB-2,outside) source static DEV-PUP-2-Network DEV-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (MGMT-1,outside) source static MGMT-1-Network MGMT-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (MGMT-2,outside) source static MGMT-2-Network MGMT-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (Port-1-GI-Inside-Native,outside) source static Inside-Native-Network Inside-Native-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (SUNCOR-PUB-1,outside) source static SUNCOR-PUP-1-Network SUNCOR-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
nat (SUNCOR-PUB-2,outside) source static SUNCOR-PUP-2-Network SUNCOR-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
object network Inside-Native-Network-PNAT
nat (Port-1-GI-Inside-Native,outside) dynamic interface
object network VPN-POOL-PNAT
nat (Port-1-GI-Inside-Native,outside) dynamic interface
object network DEV-PUB-1-Network-PNAT
nat (DEV-PUB-1,outside) dynamic interface
object network DEV-PUB-2-Network-PNAT
nat (DEV-PUB-2,outside) dynamic interface
object network MGMT-1-Network-PNAT
nat (MGMT-1,outside) dynamic interface
object network MGMT-2-Network-PNAT
nat (MGMT-2,outside) dynamic interface
object network SUNCOR-PUB-1-Network-PNAT
nat (SUNCOR-PUB-1,outside) dynamic interface
object network SUNCOR-PUB-2-Network-PNAT
nat (SUNCOR-PUB-2,outside) dynamic interface
object network DEV-APP-2-SNAT
nat (DEV-PUB-2,outside) static DEV-APP-2-PUB
object network SUNCOR-APP-2-SNAT
nat (SUNCOR-PUB-2,outside) static SUNCOR-APP-2-PUB
object network DEV-APP-1-SNAT
nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
object network SUNCOR-APP-1-SNAT
nat (SUNCOR-PUB-1,outside) static SUCNOR-APP-1-PUB
object network LOGI-NLB--SNAT
nat (DEV-PUB-1,outside) static LOGI-PUP-IP
object network LOGI-PUP-SNAT-NLB
nat (outside,DEV-PUB-1) static LOGI-NLB-IP
access-group outside_access in interface outside
access-group outside_access_out out interface outside
route outside 0.0.0.0 0.0.0.0 198.145.120.81 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.1.0 255.255.255.0 outside
http 10.1.1.0 255.255.255.0 Port-1-GI-Inside-Native
http 192.168.180.0 255.255.255.0 MGMT-1
http 192.168.100.0 255.255.255.0 Port-1-GI-Inside-Native
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d6f9f8e2113dc03cede9f2454dba029b
: end
Any help would be great! I think the issue is in teh NAT as I am able to access NLB IP from the outside and could not do that before adding the Static ARP stuff.
Thanks,
Chris

Also If I change to NAT from the public IP to the NLB IP to use either one of the phsyical IPs of the NLB cluster (192.168.0.50 or 51) it works fine when using the public IP. So it's definatly an issue when NATing the VIP of NLB cluster.
Chris

Not able to connect to Oracle EBS from host Windows 7

Hi, I have installed oracle EBS version 12.1.1 (32 bit) on OEL ver 6.3 (32 bit). I have installed Linux on Oracle VM virtualbox ver 4.1.16.
I am having host OS as Windows 7 home on my laptop.
While setting up the Network in Oracle VM virtualbox, I have set "attached to" as 'Host Only Adapter'.
I am able to connect to oracle EBS from the client server(linux) using Firefox browser. Both the services(database, Application) are starting & stopping without any problem.
I have entered following setting in C:\Windows\System32\drivers\etc\hosts file.
192.168.56.101 linux.server
IP address of Linux OS is 192.168.56.101
Please help in resolving the issue.
Thanks!

I am getting error as "Internet Explorer cannot display the webpage" on IE ver 9, when accessing from host machine. On Firefox (ver 12), the error is coming as "The connection has timed out. The server at linux.server is taking too long to respond."
The firewall on the server has been disabled already.
I am not able to ping the server IP address or hostname.domainname from client. Following error comes while pinging -
C:\>ping 192.168.56.101
Pinging 192.168.56.101 with 32 bytes of data:
Reply from 172.31.3.110: Destination host unreachable.
Reply from 172.31.3.110: Destination host unreachable.
Reply from 172.31.3.110: Destination host unreachable.
Reply from 172.31.3.110: Destination host unreachable.
Ping statistics for 192.168.56.101:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
C:\>
Server Machine IP address -
[Oracle@linux ~]$ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:8D:FE:FA
inet addr:192.168.56.101 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe8d:fefa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:125 errors:0 dropped:0 overruns:0 frame:0
TX packets:46 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17700 (17.2 KiB) TX bytes:5541 (5.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:54823 errors:0 dropped:0 overruns:0 frame:0
TX packets:54823 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17464908 (16.6 MiB) TX bytes:17464908 (16.6 MiB)
[Oracle@linux ~]$
Following is the content of server hosts file(etc/hosts) -
127.0.0.1 linux.server linux
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Thanks!

[SOLVED] network unreachable inside the container

I managed a container with systemd-nspawn. The container boots, but the network is unreachable.
Below is my set up.
ON HOST
systemd-dhcpcd.service disable
systemd-networkd is enabled and started
network is started with two netctl profiles
Configuration files:
/etc/netctl/static-hortensia
Description='hortensia static ethernet connection'
Interface=enp7s0
Connection=ethernet
IP=static
Address=('192.168.1.87/24')
Gateway='192.168.1.254'
/etc/netctl/bridge-hortensia
Description="Bridge connection to container"
Interface=br0
Connection=bridge
BindsToInterfaces=()
IP=no
/etc/systemd/network/70-dahlia.netdev
[Match]
Host=host0
Virtualization=container
[NetDev]
Name=br0
Kind=bridge
/etc/systemd/network/80-dahlia.network
[Match]
Virtualization=container
[Network]
DHCP=no
DNS=192.168.1.254
[Address]
Address=192.168.1.94/24
[Route]
Gateway=192.168.1.254
/etc/resolv.conf
# Generated by resolvconf
domain lan
nameserver 192.168.1.254
BEFORE I start the container:
$ ip addr
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether 9e:eb:1a:c5:12:34 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9ceb:1aff:fec5:1234/64 scope link
valid_lft forever preferred_lft forever
start the container
# systemd-nspawn --machine=dahlia --network-bridge=br0 -bD /dahlia
$ ip addr
2: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 14:da:e9:b5:7a:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.87/24 brd 192.168.1.255 scope global enp7s0
valid_lft forever preferred_lft forever
inet6 fe80::16da:e9ff:feb5:7a88/64 scope link
valid_lft forever preferred_lft forever
3: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 92:3c:ba:9e:24:07 brd ff:ff:ff:ff:ff:ff
inet6 fe80::9ceb:1aff:fec5:1234/64 scope link
valid_lft forever preferred_lft forever
4: vb-dahlia: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master br0 state DOWN group default qlen 1000
ON CONTAINER
systemd-dhcpcd.service disable
systemd-networkd is enabled and started
NO netctl profiles
NO conf files in /etc/systemd/network/
gab@dahlia ➤➤ ~ % ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.1.94/24 brd 192.168.1.255 scope global lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: host0: <NO-CARRIER,BROADCAST,ALLMULTI,AUTOMEDIA,NOTRAILERS,UP> mtu
1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 3a:4f:1f:c5:b5:d1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.94/24 brd 192.168.1.255 scope global host0
valid_lft forever preferred_lft forever
Not sure this output is correct. Is it OK to get a IP adress for lo ? Then, interface host0 is DOWN. I guess this is not normal and could be the cause of my issue.
# ip link set dev host0 up
produces no change, host0 is still down
gab@dahlia ➤➤ ~ % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.94
gab@dahlia ➤➤ ~ % ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.1.94 icmp_seq=1 Destination Host Unreachable
Configuration files :
/etc/resolv.conf
# Generated by resolvconf
domain lan
nameserver 192.168.1.254
/etc/hosts
# /etc/hosts: static lookup table for host names
#<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 localhost.localdomain localhost
::1 localhost.localdomain localhost
# End of file
Maybe some error here? localhost ? (host0 ?)
Some debug command outputs:
gab@dahlia ➤➤ ~ # SYSTEMD_LOG_LEVEL=debug /lib/systemd/systemd-networkd
timestamp of '/etc/systemd/network' changed
timestamp of '/run/systemd/network' changed
host0: link (with ifindex 2) added
lo: link (with ifindex 1) added
Sent message type=method_call sender=n/a destination=org.freedesktop.DBus object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=Hello cookie=1 reply_cookie=0 error=n/a
Got message type=method_return sender=org.freedesktop.DBus destination=:1.6 object=n/a interface=n/a member=n/a cookie=1 reply_cookie=1 error=n/a
Got message type=signal sender=org.freedesktop.DBus destination=:1.6 object=/org/freedesktop/DBus interface=org.freedesktop.DBus member=NameAcquired cookie=2 reply_cookie=0 error=n/a
gab@dahlia ➤➤ ~ % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.94
gab@dahlia ➤➤ ~ % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
host0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 840 9 0 0 0 0 0 0 840 9 0 0 0 0 0 0
Same command ON HOST
gabx@hortensia ➤➤ ~ % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
br0: 0 0 0 0 0 0 0 0 648 8 0 0 0 0 0 0
vb-dahlia: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 1700 34 0 0 0 0 0 0 1700 34 0 0 0 0 0 0
enp7s0: 15403401 19789 0 0 0 0 0 0 3834189 16721 0 0 0 0 0 0
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.036 ms
I can ping the gateway.
Any help is appreciated.
Last edited by gabx (2014-03-06 22:15:07)

After a few more test, I have a profile UP in the container, with an IP adress, but network is still unreachable.
The output of the following command puzzles me:
gab@dahlia ➤➤ /etc/netctl % cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
host0: 6004 28 0 0 0 0 0 0 774 11 0 0 0 0 0 0
lo: 336 3 0 0 0 0 0 0 336 3 0 0 0 0 0 0
It seems there is some traffic going through host0.
some debug outputs on the container side
gab@dahlia ➤➤ /etc/netctl % ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: host0: <BROADCAST,ALLMULTI,AUTOMEDIA,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 8e:d4:16:e2:06:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.91/24 brd 192.168.1.255 scope global host0
valid_lft forever preferred_lft forever
inet6 fe80::8cd4:16ff:fee2:64a/64 scope link
valid_lft forever preferred_lft forever
gab@dahlia ➤➤ /etc/netctl % ip route
default via 192.168.1.254 dev host0
192.168.1.0/24 dev host0 proto kernel scope link src 192.168.1.91
gab@dahlia ➤➤ /etc/netctl % cat /etc/resolv.conf
# Generated by resolvconf
nameserver 192.168.1.254
Maybe a stupid question, but in case of my bridge, what device is the gateway : the host machine (192.168.1.87) OR the real router (192.168.1.254) ? I could be wrong when trying to indicate the router as the gateway ?
EDIT
Trying to use the host as gateway does not change anything: network still unreachable
More debug outputs.
on the container side
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.254
PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data.
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 192.168.1.254: icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from 192.168.1.254: icmp_seq=3 ttl=64 time=0.027 ms
--- 192.168.1.254 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.027/0.035/0.044/0.008 ms
gab@dahlia ➤➤ ~ % ping -c3 192.168.1.87
PING 192.168.1.87 (192.168.1.87) 56(84) bytes of data.
64 bytes from 192.168.1.87: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 192.168.1.87: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from 192.168.1.87: icmp_seq=3 ttl=64 time=0.036 ms
--- 192.168.1.87 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.036/0.037/0.041/0.007 ms
I can ping gateway and host
on host side
gabx@hortensia ➤➤ systemd/network % ping -c3 192.168.1.94
PING 192.168.1.94 (192.168.1.94) 56(84) bytes of data.
From 192.168.1.87 icmp_seq=1 Destination Host Unreachable
From 192.168.1.87 icmp_seq=2 Destination Host Unreachable
From 192.168.1.87 icmp_seq=3 Destination Host Unreachable
--- 192.168.1.94 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2008ms
pipe 3
I can not ping container
Last edited by gabx (2014-03-04 12:07:32)

Alternate access mapping and binding in IIS for NLB nodes(2)

Hello All,
We have configured NLB for 2 nodes( 1 is App and WFE1 and 2 is WFE2).
here, we have given NLB host name to the users to browse. but, do we need to configure any thing in alternate access mapping and in IIS bindings, if yes, Please elaborate step by step please.
Thanks in advance
NLB host name and IP: abc.ap.company.com /10.11.12.95
Node1 server: abc.appri.company.com / 10.11.12.93
Node2 server: abc.appsec.company.com / 10.11.12.94
how to do this.
NARLA

Assuming you configured the web application to use the URL http://abc.ap.company.com there is no additional IIS configuration needed on the servers.
If you're interested in accessing a specific server you can create a hostfile entry on your client machine that abc.ap.company.com to one of the two servers.
Jason Warren
@jaspnwarren
jasonwarren.ca
habaneroconsulting.com/Insights

System config network error while parsing /etc/hosts

I am configuring RAC on Oracle Linux,i have configured /etc/hosts on both nodes,when ever i opened network, its displaying error message.
system config network error while parsing /etc/hosts
wrong ip on line 25
wrong ip on line 26
wrong ip on line 27
here is my host entries.
node1
====
[root@racnode1 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost
#####Public#####
192.168.1.101 racnode1.reg.com racnode1
192.168.1.102 racnode2.reg.com racnode2
192.168.1.103 racnode3.reg.com racnode3
192.168.1.104 racnode4.reg.com racnode4
####Private######
10.10.1.1 racnode1-priv.reg.com racnode1-priv
10.10.1.2 racnode2-priv.reg.com racnode2-priv
10.10.1.3 racnode3-priv.reg.com racnode3-priv
10.10.1.4 racnode4-priv.reg.com racnode4-priv
#####Virtual#####
192.168.1.201 racnode1-vip.reg.com racnode1-vip
192.168.1.202 racnode2-vip.reg.com racnode2-vip
192.168.1.203 racnode3-vip.reg.com racnode3-vip
192.168.1.204 racnode4-vip.reg.com racnode4-vip
#SCAN
#192.168.1.301 racdb-scan.reg.com racdb-scan
#SCAN
192.168.1.301 racnode1-scan.reg.com racnode1-scan
192.168.1.302 racnode2-scan.reg.com racnode2-scan
192.168.1.303 racnode3-scan.reg.com racnode3-scan
[root@racnode1 ~]# hostname
racnode1.reg.com
[root@racnode1 ~]#
node2 host entries
===========
[root@racnode2 ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
#::1 localhost6.localdomain6 localhost
#####Public#####
192.168.1.101 racnode1.reg.com racnode1
192.168.1.102 racnode2.reg.com racnode2
192.168.1.103 racnode3.reg.com racnode3
192.168.1.104 racnode4.reg.com racnode4
####Private######
10.10.1.1 racnode1-priv.reg.com racnode1-priv
10.10.1.2 racnode2-priv.reg.com racnode2-priv
10.10.1.3 racnode3-priv.reg.com racnode3-priv
10.10.1.4 racnode4-priv.reg.com racnode4-priv
#####Virtual#####
192.168.1.201 racnode1-vip.reg.com racnode1-vip
192.168.1.202 racnode2-vip.reg.com racnode2-vip
192.168.1.203 racnode3-vip.reg.com racnode3-vip
192.168.1.204 racnode4-vip.reg.com racnode4-vip
#SCAN
#192.168.1.301 racdb-scan.reg.com racdb-scan
#SCAN
192.168.1.301 racnode1-scan.reg.com racnode1-scan
192.168.1.302 racnode2-scan.reg.com racnode2-scan
192.168.1.303 racnode3-scan.reg.com racnode3-scan
[root@racnode2 ~]#
i am not able to ping racnode1-priv or racnode2-priv.
from node1:
========
[root@racnode1 ~]# ping racnode2-priv
PING racnode2-priv.reg.com (10.10.1.2) 56(84) bytes of data.
From racnode1-priv.reg.com (10.10.1.1) icmp_seq=2 Destination Host Unreachable
From racnode1-priv.reg.com (10.10.1.1) icmp_seq=3 Destination Host Unreachable
From racnode1-priv.reg.com (10.10.1.1) icmp_seq=4 Destination Host Unreachable
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4002ms
, pipe 3
[root@racnode1 ~]#
from node2:
=======
[root@racnode2 ~]# ping racnode1-priv
PING racnode1-priv.reg.com (10.10.1.1) 56(84) bytes of data.
From racnode2-priv.reg.com (10.10.1.2) icmp_seq=2 Destination Host Unreachable
From racnode2-priv.reg.com (10.10.1.2) icmp_seq=3 Destination Host Unreachable
From racnode2-priv.reg.com (10.10.1.2) icmp_seq=4 Destination Host Unreachable
--- racnode1-priv.reg.com ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
, pipe 3
[root@racnode2 ~]#
any idea where configuration went wrong.
Thanks

here is output, i can see lot of additional characters.
[root@racnode1 ~]# cat -vet /etc/hosts
# Do not remove the following line, or various programs$
# that require network functionality will fail.$
127.0.0.1 localhost.localdomain localhost$
#::1^I^Ilocalhost6.localdomain6 localhost$
$
#####Public#####$
192.168.1.101 racnode1.reg.com racnode1$
192.168.1.102 racnode2.reg.com racnode2$
192.168.1.103 racnode3.reg.com racnode3$
192.168.1.104 racnode4.reg.com racnode4$
####Private######$
10.10.1.1 racnode1-priv.reg.com racnode1-priv$
10.10.1.2 racnode2-priv.reg.com racnode2-priv$
10.10.1.3 racnode3-priv.reg.com racnode3-priv$
10.10.1.4 racnode4-priv.reg.com racnode4-priv$
#####Virtual#####$
192.168.1.201 racnode1-vip.reg.com racnode1-vip$
192.168.1.202 racnode2-vip.reg.com racnode2-vip$
192.168.1.203 racnode3-vip.reg.com racnode3-vip$
192.168.1.204 racnode4-vip.reg.com racnode4-vip$
#SCAN$
#192.168.1.301 racdb-scan.reg.com racdb-scan$
#SCAN$
192.168.1.301^Iracnode1-scan.reg.com^Iracnode1-scan$
192.168.1.302^Iracnode2-scan.reg.com^Iracnode2-scan$
192.168.1.303^Iracnode3-scan.reg.com^Iracnode3-scan$
[root@racnode1 ~]#
from node2:
========
[root@racnode2 ~]# cat -vet /etc/hosts
# Do not remove the following line, or various programs$
# that require network functionality will fail.$
127.0.0.1 localhost.localdomain localhost$
#::1^I^Ilocalhost6.localdomain6 localhost$
$
#####Public#####$
192.168.1.101 racnode1.reg.com racnode1$
192.168.1.102 racnode2.reg.com racnode2$
192.168.1.103 racnode3.reg.com racnode3$
192.168.1.104 racnode4.reg.com racnode4$
####Private######$
10.10.1.1 racnode1-priv.reg.com racnode1-priv$
10.10.1.2 racnode2-priv.reg.com racnode2-priv$
10.10.1.3 racnode3-priv.reg.com racnode3-priv$
10.10.1.4 racnode4-priv.reg.com racnode4-priv$
#####Virtual#####$
192.168.1.201 racnode1-vip.reg.com racnode1-vip$
192.168.1.202 racnode2-vip.reg.com racnode2-vip$
192.168.1.203 racnode3-vip.reg.com racnode3-vip$
192.168.1.204 racnode4-vip.reg.com racnode4-vip$
#SCAN$
#192.168.1.301 racdb-scan.reg.com racdb-scan$
#SCAN$
$
192.168.1.301^Iracnode1-scan.reg.com^Iracnode1-scan$
192.168.1.302^Iracnode2-scan.reg.com^Iracnode2-scan$
192.168.1.303^Iracnode3-scan.reg.com^Iracnode3-scan$
Edited by: Endeca on Apr 7, 2013 10:13 AM

NLB Host Unreachable

Similar Messages

Maybe you are looking for