I have a riverbed question regarding asymmetric routes. First off, I do have a support contract with riverbed, but I'd like to talk this out, first, before calling them. This is probably a good learning opportunity.
For starters, this site connects to the internet through at&t enterprise fiber. We lease IP addresses from at&t, our electrical hand-off plugs directly into our firewall. We use sonicwalls (High Availability, please don't turn this into a sonicwall sucks discussion, for us it does what we need it to do).
Since there are two sonicwalls (HA) our hand-off from at&t plugs into an L2 'WAN Switch' (yes, single point of failure) and each sonicwall plugs into the WAN switch, respectively. Here is where riverbed comes into the picture.
X0 on our sonicwalls are LAN. Before the LAN connection hits the network switch, it plugs into the riverbed appliance. The riverbed appliance has 4 ports, WAN 0, WAN 1 and LAN 0, LAN 1.
WAN 0 (riverbed) plugs into sonicwall 1 X0 WAN 1 (riverbed) plugs into sonicwall 2 X0 LAN 0 (riverbed) plugs into network switch1 port 1 LAN 1 (riverbed) plugs into network switch1 port 2
STP is enabled on the switch (this environment has a single switch) and shuts down port 1 or port 2, depending on which sonicwall is active.
At this point, everything works fine. The riverbed is passing the traffic and optimizing traffic based on rule that were set.
My question....
When the 'primary' sonicwall is running, it seems that every day I'll see several 'Asymmetric Routes Detected' immediately followed with a 'Asymmetric Routes Cleared'. I can manually change the sonicwall to operate from primary to secondary or if something causes the primary unit to go off-line the secondary will immediately take over. About 6 months ago there was a power outage and the UPS that was connected to the primary sonicwall didn't have as much battery as the UPS that the secondary sonicwall was connected to, which means the primary sonicwall shut off and the secondary took over. When power was restored (shorltly after it went out) the secondary unit continued to function as the 'main' unit. When the secondary unit is running as primary I notice that I never (haven't yet) see the 'Asymmetric Routes Detected' immediately followed with a 'Asymmetric Routes Cleared' alerts.
I realize that the details of the alert email may be critical to help with my question, but before I get that much in depth, I'd like to see if others who use riverbed may be able to give some feedback based on what I've typed, above. From an infrastructure/connectivity perspective, I'm not sure why running on the primary sonicwall causes these alerts and when running on the secondary sonicwall I don't see these same alerts (at least, not yet).
I will say this, the WAN IP that was in this last routing alert received was '35.193.89.47' which appears to be Google Cloud.
Thanks.
No comments:
Post a Comment