Solutions

Why can we ping the ip address from ProxySG even through the physical interface is down?

Solutions ID:    KB5417
Version:    1.0
Status:    Published
Published date:    01/14/2013
 

Problem Description

We can ping the IP address from the ProxySG CLI even through the interface is physically down.

From below, we find the interface of 1:0 and 1:1 are down. Interface 0:0 is up, and configured with different IP address than 1:0 and 1:1.

######################################

16.176#show inter all 
  Ethernet interface 0:0
    Internet address:     10.254.16.188 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9635 prefixlen 64
    MTU size:             1500
    Link status:          autosensed to full duplex, 1 gigabit/sec network
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: none
  Ethernet interface 1:0 (WAN)
    Internet address:     10.254.16.176 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9636 prefixlen 64
    MTU size:             1500
    Link status:          no link
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: passthru-1
  Ethernet interface 1:1 (LAN)
    Internet address:     10.254.15.111 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9637 prefixlen 64
    MTU size:             1500
    Link status:          no link
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: passthru-1

######################################

But we still can ping the IP addresses of interface 1:0 and 1:1 from the ProxySG CLI, as shown next.

######################################

16.176#ping 10.254.16.176
PING 10.254.16.176 (10.254.16.176): 56 data bytes
64 bytes from 10.254.16.176: icmp_seq=0 ttl=64 time=0.094 ms
64 bytes from 10.254.16.176: icmp_seq=1 ttl=64 time=0.055 ms

--- 10.254.16.176 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.055/0.074/0.094/0.020 ms
16.176#
16.176#ping 10.254.15.111
PING 10.254.15.111 (10.254.15.111): 56 data bytes
64 bytes from 10.254.15.111: icmp_seq=0 ttl=64 time=0.072 ms
64 bytes from 10.254.15.111: icmp_seq=1 ttl=64 time=0.044 ms



--- 10.254.15.111 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.044/0.058/0.072/0.014 ms
16.176#

######################################

Resolution

This happens because the IP addresses of interface 1:0 and 1:1 are fixed in the ProxySG appliance when we configured the ProxySG.

We can see from the output of the ARP and IP Route Table below below that the interface following the interface 1:0 and 1:1 IP address is Loopback. Loopback is always up, so we can always ping these two IP addresses from the ProxySG.

We don't successfully ping the two IP addresses from outside when they are physically down.

######################################

16.176#show arp
; TCP/IP Statistics

TCP/IP ARP Information

IP Address       MAC Address       Interface
10.254.15.111    00:d0:83:05:96:37 passthru-1 permanent
10.254.16.1      00:23:9c:21:16:cb 0:0
10.254.16.115    f0:de:f1:29:d5:36 0:0
10.254.16.176    00:d0:83:05:96:35 0:0 permanent
10.254.16.188    00:d0:83:05:96:35 0:0 permanent

######################################

16.176#show ip-route-table
; TCP/IP Routing Table
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use      Netif Expire
default            10.254.16.1        UGS        15     4625        0:0
10.254.15.0/24     link#3             UC          0        4        1:1
10.254.15.111      00:d0:83:05:96:37  UHLW        0        4   loopback     -----> the next interface is loopback
10.254.16.0/24     link#2             UC          0        7        0:0 =>
10.254.16.0/24     link#4             UC          0        0        1:0
10.254.16.1        00:23:9c:21:16:cb  UHLW        1        2        0:0    111
10.254.16.115      f0:de:f1:29:d5:36  UHLW        0      570        0:0    717
10.254.16.176      00:d0:83:05:96:35  UHLW        0        3   loopback
10.254.16.188      00:d0:83:05:96:35  UHLW        0        7   loopback     -----> the next interface is loopback
127.0.0.1          127.0.0.1          UH          2     3709   loopback
######################################


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question