Why can we ping the ip address from ProxySG even through the physical interface is down?

Solution

Overview

We can ping the IP address from the ProxySG CLI even through the interface is physically down.

From below, we find the interface of 1:0 and 1:1 are down. Interface 0:0 is up, and configured with different IP address than 1:0 and 1:1.

######################################

16.176#show inter all 
  Ethernet interface 0:0
    Internet address:     10.254.16.188 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9635 prefixlen 64
    MTU size:             1500
    Link status:          autosensed to full duplex, 1 gigabit/sec network
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: none
  Ethernet interface 1:0 (WAN)
    Internet address:     10.254.16.176 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9636 prefixlen 64
    MTU size:             1500
    Link status:          no link
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: passthru-1
  Ethernet interface 1:1 (LAN)
    Internet address:     10.254.15.111 netmask 255.255.255.0
    Internet address:     fe80::2d0:83ff:fe05:9637 prefixlen 64
    MTU size:             1500
    Link status:          no link
    Reject inbound:       disabled
    Allow intercept:      enabled
    VLAN trunk:           enabled
    Native VLAN:          1
    Spanning tree:        disabled
    IPv6 auto-linklocal:  enabled
    Member of the bridge: passthru-1

######################################

But we still can ping the IP addresses of interface 1:0 and 1:1 from the ProxySG CLI, as shown next.

######################################

16.176#ping 10.254.16.176
PING 10.254.16.176 (10.254.16.176): 56 data bytes
64 bytes from 10.254.16.176: icmp_seq=0 ttl=64 time=0.094 ms
64 bytes from 10.254.16.176: icmp_seq=1 ttl=64 time=0.055 ms

--- 10.254.16.176 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.055/0.074/0.094/0.020 ms
16.176#
16.176#ping 10.254.15.111
PING 10.254.15.111 (10.254.15.111): 56 data bytes
64 bytes from 10.254.15.111: icmp_seq=0 ttl=64 time=0.072 ms
64 bytes from 10.254.15.111: icmp_seq=1 ttl=64 time=0.044 ms



--- 10.254.15.111 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.044/0.058/0.072/0.014 ms
16.176#

######################################

Cause
Resolution

This happens because the IP addresses of interface 1:0 and 1:1 are fixed in the ProxySG appliance when we configured the ProxySG.

We can see from the output of the ARP and IP Route Table belowbelow that the interface following the interface 1:0 and 1:1 IP address is Loopback. Loopback is always up, so we can always ping these two IP addresses from the ProxySG.

We don't successfully ping the two IP addresses from outside when they are physically down.

######################################

16.176#show arp
; TCP/IP Statistics

TCP/IP ARP Information

IP Address       MAC Address       Interface
10.254.15.111    00:d0:83:05:96:37 passthru-1 permanent
10.254.16.1      00:23:9c:21:16:cb 0:0
10.254.16.115    f0:de:f1:29:d5:36 0:0
10.254.16.176    00:d0:83:05:96:35 0:0 permanent
10.254.16.188    00:d0:83:05:96:35 0:0 permanent

######################################

16.176#show ip-route-table
; TCP/IP Routing Table
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use      Netif Expire
default            10.254.16.1        UGS        15     4625        0:0
10.254.15.0/24     link#3             UC          0        4        1:1
10.254.15.111      00:d0:83:05:96:37  UHLW        0        4   loopback     -----> the next interface is loopback
10.254.16.0/24     link#2             UC          0        7        0:0 =>
10.254.16.0/24     link#4             UC          0        0        1:0
10.254.16.1        00:23:9c:21:16:cb  UHLW        1        2        0:0    111
10.254.16.115      f0:de:f1:29:d5:36  UHLW        0      570        0:0    717
10.254.16.176      00:d0:83:05:96:35  UHLW        0        3   loopback
10.254.16.188      00:d0:83:05:96:35  UHLW        0        7   loopback     -----> the next interface is loopback
127.0.0.1          127.0.0.1          UH          2     3709   loopback
######################################

Workaround
Additional Information
Bug Number
InQuira Doc IdKB5417
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat