11 Replies Latest reply: Apr 25, 2008 12:05 PM by Rupert Watson
richlowe Level 1 Level 1 (0 points)
We have an interesting problem with our xsan and cannot figure out the answer. Perhaps someone can help?

We have 2 Intel Xserve MDCs and 2 G5 Xserve ODs, running 10.5.1 server and xsan 1.4.2
Our clients are a mix of G5s running 10.4.11 and Intels running 10.5.1, also with xsan 1.4.2

We have a public IP range of 10.160.16.x to 10.160.20.255 and a private metadata IP range of 10.160.21.x

All xsan clients (including the OD servers) have a public and a private ethernet connection, with the private at the top.

The 2 MDCs have only a private metadata connection. Our problem is this...

when we view clients in xsan admin, the Leopard client's public IP address is listed with a red ball next to it.
We cannot authenticate this client as the MDC has no public IP connection. How is this IP address being seen by the MDC? Other Leopard clients authenticate without a problem, the only difference being that their public IP address is 10.160.20.x. The clients that show up as red are 10.160.19.x and 10.160.16.x ranges.

Removing the public IP connection from this Leopard client will cure the problem and we can then authenticate, obviously over the private ethernet connection, however as soon as the client is booted with the public connected again, the same thing happens.

From the information given above, can anybody spot anything that is being done incorrectly?

Thanks.

G5 and MacPro, Mac OS X (10.5.1)
  • 1. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    There are a couple of things to check...

    1. What is the public subnet for ALL SAN clients. Should be the same.
    2. Public Interface should be on top.
    3. Which Leopard client is experiencing this problem?
    4. Try running the Xsan Admin application on another system, not one of the MDCs.
    5. In Xsan Admin, what is the IP address of the two controllers?

    Let us know...

    Bob
  • 2. Re: The XSAN Admin Authentication mistery
    richlowe Level 1 Level 1 (0 points)
    Hi Bob, thanks for the reply.

    Answers to your questions as follows.

    1. Public IP ranges between 10.160.16.x through to 10.160.20.254
    2. We have the metadata (Private) on top, not public, as per Apples guide.
    3. It seems to be any Leopard client that is not on the 10.160.20.x range of public IP address. (The MDCs were on 10.160.20.x addresses before we removed them). Leopard clients are currently okay if they are on the 10.160.20.x range of public IP addresses.
    4. We have tried running xsan admin from other machines and the problem still exists.
    5. Both IP addresses of the MDCs are 10.160.21.48 and 10.160.21.49

    Thanks

    Richard
  • 3. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    Richard,

    1. What is the subnet of your public address: 255.255.255.x? This subnet needs to be the same for all clients.
    2. Can you ping the clients on the public interface from a Non-MDC machine?
    3. Have you tried uninstalling and reinstalling Xsan on the clients that can't be authenticated?
  • 4. Re: The XSAN Admin Authentication mistery
    richlowe Level 1 Level 1 (0 points)
    1. subnet is 255.255.255.0 on all clients and mdcs
    2. Yes the clients can be pinged over the public
    3. I have not reinstalled xsan on the clients affected.
  • 5. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    Change your subnet to 255.255.252.0
  • 6. Re: The XSAN Admin Authentication mistery
    richlowe Level 1 Level 1 (0 points)
    Thanks Bob.

    I have tried changing the subnet on the MDC to 255.255.0.0 and this did not help. I did not change it on the client though. Would I need to change it on clients and controllers?
  • 7. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    The subnet on the private should be 255.255.255.0 on all systems connected to the Fibre.

    The subnet on the public should be the one I sent earlier, on all systems with a public interface that is active.

    Just thinking, do you have the public and private networks physically connected or are you trying to separate via subnet or VLAN?
  • 8. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    Sorry about the double post. Check the last sentence for the correction...

    The subnet on the private should be 255.255.255.0 on all systems connected to the Fibre.

    The subnet on the public should be the one I sent earlier, on all systems with a public interface that is active.

    Just thinking, do you have the public and private networks physically separate or are you trying to separate via subnet or VLAN?

    Message was edited by: Robert Kite
  • 9. Re: The XSAN Admin Authentication mistery
    richlowe Level 1 Level 1 (0 points)
    Hi Bob, the subnet mask on the private network is 255.255.255.0 on all clients.
    It is also 255.255.255.0 on all machines with a public connection (set via DHCP).

    The public network is our company wide IT network. The private network is our own xsan network that contains nothing except a switch. They are physically not connected.
  • 10. Re: The XSAN Admin Authentication mistery
    RobertKite Level 1 Level 1 (120 points)
    Richard,

    Please email me your contact details so we can get this sorted...

    Bob
  • 11. Re: The XSAN Admin Authentication mistery
    Rupert Watson Level 1 Level 1 (100 points)
    What is the IP address of your DNS server and can all the clients ping it?

    Does forward and reverse dns lookup work?