Ping to local host fails after configuring CA API gateway in centos/rhel appliance.

Document ID : KB000009054
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

The customer is facing a problem while pinging gateway servers after the configuration of ssg.

To give you a history on this: they have the appliance build by ESX team where they do provide a static IP to server.
Ping to ip or localhost or 127.0.0.1 works fine before configuring gateway after servers are built.

Its only after configuring gateway ping fails 50% of time. 

We were earlier suspecting this to be NETWORK issue at their end but strangely it works before configuring gateway. 

Ping fails intermittently. 

 

 

Environment:
API Gateway : 9.2
Cause:

run this command to check the value of icmp

1. log into privileged shell

2. run this command : iptables -nL --line-number

    15   ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 2/sec burst 5

Above line indicates that ICMP is allowed to ping 2 packets per sec

 

Resolution:

To resolve this problem:

1. log into privileged shell

2. modified this file /etc/sysconfig/iptables 

3. change the value for icmp to 50 as per the customer's requirements 

    # rate limit ping on all interfaces
     Before:     [0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 2/sec -j ACCEPT
     After:  [0:0] -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 50/sec -j ACCEPT

4.  run this command : service iptables restart  

5.  run this command to verify the change:
     >> iptables -nL --line-number