VIP not routing through after failover and recovery between ISPs
-
Today we lost access to Comcast for a while, and after failing back from our T1, the 3 VIP aliases I have that had ports forwarded for a few sites are now having 504 timeouts rather than loading. No configuration changes occurred, and I am not seeing any log errors. Other than attempting to delete all the settings and start over, what else can I be checking as an issue?
While trying to load the site,
tcpdump -npX host 173.15.65.162
doesn't even show packets occurring. Another thought was if something in ARP got messed up by Comcast during the event.
Edit: Probably should have included that I am running pfSense 2.0.1 release.
-
Where is the 504 coming from? A firewall or network problem is generally getting no response at all, where a 504 is more commonly something else (depending on specifics).
-
I tracked down the real issue. What happened was some device on a different LAN port, after being power cycled, grabbed the firewall IP address. After removing the switch from the Comcast gateway, the firewall was able to reclaim its IP and the Comcast gateway resumed sending data to pfSense. It looks like what likely happened is that when pfSense got its IP back, the ARP on the Comcast gateway did not update with the data that the VIPs also needed their information updated, and all data was sent to the no longer existing MAC address. Power cycling the gateway for 1 minute cleared its tables and allowed data to the VIPs to continue.
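
The duplicate-address condition described in the post above can be spotted from the firewall side by watching ARP replies on the WAN segment. The following is an added example, not part of the original thread: it parses `tcpdump -n -e arp` text output and reports any MAC other than the firewall's that claims the WAN address or a VIP. The addresses, MACs and capture lines are constructed sample data, and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Matches the "Reply <ip> is-at <mac>" part of `tcpdump -n -e arp` output.
ARP_REPLY = re.compile(
    r"Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def find_arp_conflicts(lines, expected):
    """Return {ip: [MACs that claimed it but are not the expected owner]}.

    `expected` maps each address the firewall owns (WAN IP and VIPs) to the
    firewall's WAN MAC. Replies for addresses not in `expected` are ignored.
    """
    claims = defaultdict(set)
    for line in lines:
        match = ARP_REPLY.search(line)
        if not match:
            continue  # ARP requests and non-ARP lines carry no ownership claim
        ip, mac = match.group("ip"), match.group("mac").lower()
        if ip in expected and mac != expected[ip].lower():
            claims[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in claims.items()}


# Constructed sample data (documentation addresses, locally administered MACs).
FIREWALL_MAC = "02:00:00:aa:bb:01"
EXPECTED = {
    "203.0.113.10": FIREWALL_MAC,  # WAN address
    "203.0.113.11": FIREWALL_MAC,  # VIP alias
    "203.0.113.12": FIREWALL_MAC,  # VIP alias
}
SAMPLE_CAPTURE = [
    "10:15:01.000100 02:00:00:aa:bb:01 > 02:00:00:cc:dd:fe, ethertype ARP (0x0806), "
    "length 42: Reply 203.0.113.11 is-at 02:00:00:aa:bb:01, length 28",
    "10:15:02.000200 02:00:00:ee:ff:99 > 02:00:00:cc:dd:fe, ethertype ARP (0x0806), "
    "length 60: Reply 203.0.113.10 is-at 02:00:00:ee:ff:99, length 46",
    "10:15:03.000300 02:00:00:cc:dd:fe > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), "
    "length 60: Request who-has 203.0.113.12 tell 203.0.113.1, length 46",
]

if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_CAPTURE, EXPECTED).items():
        print(f"conflict: {ip} claimed by {', '.join(macs)} (expected {EXPECTED[ip]})")
```

This covers only the address conflict. A stale entry in the upstream gateway's own ARP cache is not visible in replies seen at the firewall.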