> On Jul 29, 2021, at 11:55 AM, james list <jameslis...@gmail.com> wrote:
> 
> 
> Internet - Firewall - LAN - Load balancer - LAN - hypervisor - VM
> 
> 
> 
> It sometimes happens that the VM does not respond anymore to the Load balancer for
> external IP addresses until the Load balancer is set to source NAT
> (SNAT) the internet traffic and then SNAT is removed.
> 

Can you share the routing table of the VM in question?  Specifically/most 
importantly - is the load balancer being used as the VM’s default gateway, or 
does the VM use the firewall as its default gateway?  In the latter case, I 
would expect the load balancer to SNAT traffic or act as a full layer 7 proxy 
where a new TCP connection is established from the load balancer to the 
upstream servers.

With a misconfiguration or misaligned design intention here, I could see the 
intended behavior depending on ARP or firewall/connection state tracking 
behavior in the devices.


> Something like an action that solicits the VM to refresh the ARP.
> 
> 
> 
> While the health check from the Load balancer to the VM in the same LAN subnet never
> stops working.
> 
> 
> 
> Has anybody ever encountered the same problem in VM environments?

In the absence of evidence otherwise, I suspect your issue is not VM-specific.  
Do you have examples of physical hosts in the same LAN that do not exhibit this 
problem?  If so, has the routing table (default gateway and possibly other 
persistent static routes) been compared?

> 
> Any idea?
> 
> 
> 
> Thanks in advance
> 
> James
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
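
The default-gateway question raised in the reply above, as an added example that is not part of the original thread: it parses `ip -4 route show` output from a VM and checks whether the VM's reply to the source address it sees would go back through the load balancer. All addresses, routing tables and function names are constructed for illustration, and the sketch assumes the firewall and load balancer both sit on the VM's subnet.

```python
import ipaddress

# Constructed sample data (not from the thread): VM 10.0.2.10, firewall 10.0.2.1, LB 10.0.2.5
LB, CLIENT = "10.0.2.5", "198.51.100.7"
GW_IS_FIREWALL = """default via 10.0.2.1 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.10"""
GW_IS_LB = """default via 10.0.2.5 dev eth0
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.10"""

def parse_routes(ip_route_output):
    """Parse `ip -4 route show` lines into (network, gateway-or-None) pairs."""
    routes = []
    for line in ip_route_output.strip().splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model (blackhole, etc.)
        gw = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((net, ipaddress.ip_address(gw) if gw else None))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match; returns the gateway, or dst itself when on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw if gw is not None else dst

def return_path_ok(routes, lb_ip, src_seen_by_vm):
    """True when the VM's reply to the source it sees is sent to the load balancer."""
    return next_hop(routes, src_seen_by_vm) == ipaddress.ip_address(lb_ip)

if __name__ == "__main__":
    for name, table in (("gateway=firewall", GW_IS_FIREWALL), ("gateway=LB", GW_IS_LB)):
        routes = parse_routes(table)
        # Without SNAT the VM sees the real client; with SNAT (or a health check) it sees the LB.
        print(name, "no SNAT:", return_path_ok(routes, LB, CLIENT),
              "| SNAT:", return_path_ok(routes, LB, LB))
```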
