I need your expertise to confirm the following issue:
Issue Description: The customer appl A sends a lookup request which is
to be handled by appl B. Both applications are using Cluster Logical IP
destined for different subnets as configured using multiple defaultrouters
bound to separate IPMP groups. Their expectation is that TCP communications
between applications will cross the physical network such that external firewall
ACL rules can be implemented/honored.
During internal acceptance testing the customer failed both physical links
servicing the IPMP group of appl B. Packets from appl A still arrived and were
accepted by appl B. This has highlighted that traffic was crossing (round-robin)
on the TCP stack/loopback and not making its way onto the physical wire, which
negates enforcement of the external firewall rules, which expect a received
packet/port to appear consistently from the same host source interface.
1. So, is the observation true, and is the TCP/IP stack working as designed?
2. Is there a way to tune or force it (TCP/IP stack) to cross the physical
network such that external firewall ACL rules can be implemented/honored?
3. This will bring up other questions when talking about S10 and zones.
If a packet is sourced on zoneA and destined for zoneB, will it go on the wire?
Your help/comments are greatly appreciated!
zones-discuss mailing list