由于客户端未响应IKE调用、NFS客户端报告"NFS未响应"错误
适用场景
- ONTAP 9
- 基于 IPsec的NFS
- Microsoft
问题描述
NFS not responding由于客户端未 响应IKE调用,NFS客户端报告“”错误。-
根据
Charon日志,IPsec连接已建立,但客户端未响应IKE调用,因此超时。Sep 8 05:38:15.951 25[IKE] CHILD_SA beumien1svm01:beu_mien1_net{6493} established with SPIs cd79c1b7_i c26d127d_o and TS 10.230.6.xx/32[tcp/sunrpc] 10.230.6.xx/32[tcp/rlzdbase] 10.230.6.xx/32[tcp/nfsd] 10.230.6.xx/32[tcp/lockd] 10.230.6.xx/32[tcp/4046] 10.230.6.xx/32[tcp/10000-65535] === 10.230.25.xx/32
Sep 8 05:38:16.630 25[ENC] generating IKE_AUTH response 1 [ IDr AUTH N(USE_TRANSP) N(ESP_TFC_PAD_N) SA TSi TSr ] 10.230.6.xx[4500] <==> 10.230.25.xx[4500]
Sep 8 05:38:16.764 30[NET] process_message_job.c: Fast recovery logic, looking for peer configs matching 10.230.6.xx[4500] to 10.230.25.xx[4500] for any identity
Sep 8 05:38:18.741 04[NET] socket_default_socket.c: send_msg_v4 sent 312 bytes from 10.230.6.xx[500] to 10.230.25.xx[500] in vserver 8
Sep 8 05:38:23.169 04[NET] socket_default_socket.c: send_msg_v4 sent 312 bytes from 10.230.6.xx[500] to 10.230.25.xx[500] in vserver 8
Sep 8 05:38:23.976 18[IKE] retransmit 3 of request with message ID 0 10.230.6.xx[500] <==> 10.230.25.xx[500]
Sep 8 05:38:24.208 19[ENC] parsed IKE_AUTH request 1 [ IDi CERTREQ IDr AUTH N(USE_TRANSP) SA TSi TSr N(MOBIKE_SUP) N(ADD_4_ADDR) N(MULT_AUTH) N(EAP_ONLY) N(MSG_ID_SYN_SUP) ] 10.230.25.xx[4500] <==> 10.230.6.xx[4500]
Sep 8 05:38:24.277 19[IKE] received retransmit of request with ID 1 10.230.25.xx[4500] <==> 10.230.6.xx[4500] retransmitting response -
发布后、客户端大约在5:38 IST左右再次开始响应。
Sep 8 05:38:41.991 32[IKE] CHILD_SA beumien1svm01:beu_mien1_net{6540} established with SPIs c146f17a_i c3f954b6_o and TS 10.230.6.xx/32[tcp/sunrpc] 10.230.6.xx/32[tcp/rlzdbase] 10.230.6.xx/32[tcp/nfsd] 10.230.6.xx/32[tcp/lockd] 10.230.6.xx/32[tcp/4046] 10.230.6.xx/32[tcp/10000-65535] === 10.230.25.xx/32