Edge SWG virtual appliances faulty network connections - UGRS
Article ID: 396541
Updated On:
Products
Issue/Introduction
Following an uncontrolled shutdown (abrupt restart) of the hypervisor (example VMware ESXi) server. The hosted ISG Proxy has some (or even all) network interfaces that cannot receive or send any TCP packet.
SGOS CLI "sg#show arp" output shows that the interfaces are present with assigned IP addresses.
Cause
"sg#show ip-route-table" output tells that some, or all routes are in a "rejecting status" with "UGRS" set flag, example:
- Destination Gateway Flags Refs Use Netif Expire
default z.z.z.z UGRS 2 2 2:0
x.x.x.x/32 z.z.z.z UGRS 1 0 2:0
y.y.y.y/32 z.z.z.z UGRS 1 0 2:0
a.a.a.30/32 z.z.z.z UGRS 1 0 2:0
a.a.a.31/32 z.z.z.z UGRS 1 0 2:0
x.0.0.0/8 x.y.z.1 UGRS 1 0 1:0
x.y.z.0/28 link#3 U 0 0 1:0
x.y.0.0/16 x.y.z.1 UGS 0 0 0:0 118
x.y.0.0/16 x.y.z.1 UGS 18 29928 0:0 118
x.y.0.0/16 x.y.z.1 UGS 0 0 0:0 118
y.x.z.12/29 link#4 U 0 0 2:0
127.0.0.1 link#1 UH 47 5826 loopback
x.y.z.0/23 x.5.81.1 UGS 0 0 0:0 118
x.y.z.0/28 link#2 U 0 0 0:0
x.y.z.16/29 link#5 U 9 1158 3:0
Packet capture taken from the SWG shows that specific faulty interfaces, example WireShark filter ""frame.interface_name == "3:0" || frame.interface_name == "4:0"" broadcasted ARP requests for the affected route gateways, example:
- VMware_XY:d1:3c (z:xy:04:81:d2:2c) Int 3:0
Who has z.z.z.z? Tell y.z.x.y
To Broadcast (ff:ff:ff:ff:ff:ff)
Are never answered.
Resolution
Engage the hypervisor server admin asking to collect a packet capture on the server vSwitch, checking how the affected SWG interfaces ARP requests are handled and why ARP resolution is not carried out and "Who has" requests not answered
Feedback
