ONTAP Discussions

8.3 Intercluster Peer - icmp unreachable

thomasb82
9,328 Views

Hi guys,

 

I have difficulties setting up Intercluster peer for SnapVault on 2x 8.3 Clusters.

They are connected to each other through ipsec vpn. All IP ranges and all ports are set to allow, nothing gets blocked.

 

The authentication through passphrase goes instantly to "OK" but  Availability goes from "pending" to "unavailable" in a few seconds.

 

Data: interface_reachable

ICMP: unreachable 

 

The firewall policy is default, nothing set to block.

 

A few thing I find very odd:

Authentication and data interface work fine - icmp not

But then icmp works fine using a normal ping or specifiing the intercluster lif itself:

CLUSTER01::> network ping -lif CLUSTER01_INTERCLUSTER_lif1 -destination 192.168.2.1 -vserver CLUSTER01

192.168.2.1 is alive

 

 

 

Maybe you can help me out, many thanks!

 

1 ACCEPTED SOLUTION

deepuj
9,187 Views

Hi,

 

When we see "interface reachable" for the Data test, and "interface unreachable" for the ICMP test, it implies an MTU size conflict.

 

You may take a look at this KB:


https://kb.netapp.com/support/index?page=content&id=2020029&locale=en_US&access=s

 

 

Hope this helps!

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

3 REPLIES 3

deepuj
9,188 Views

Hi,

 

When we see "interface reachable" for the Data test, and "interface unreachable" for the ICMP test, it implies an MTU size conflict.

 

You may take a look at this KB:


https://kb.netapp.com/support/index?page=content&id=2020029&locale=en_US&access=s

 

 

Hope this helps!

 

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

thomasb82
9,140 Views

Hi,

 

ok, sounds reasonable.

So all my interfaces are configured with 1500, expect the cluster which is set to 9000.

It`s the same on both Filers.

 

 

The interfaces on the Firewalls (Sophos UTM) that are between those Clusters are also set to 1500.

 

I can successfully ping the other cluster with the setting -disallow-fragmentation true and -disallow-fragmentation false.

 

The only thing I'm not sure about is the ISP MTU size.

But I would imagine the disallow-fragmentation setting true would kill the ping if there was the issue?!

Sorry, I'm really stuck 😞

 

 

thomasb82
9,117 Views

Quick update: I really had to reduce the MTU size to 1410 to get it working...

Anyway, thanks for the hint!!

 

Public