Does anybody knows about Internat Martian event log?

Kamome
Building a reputation

Does anybody knows about Internat Martian event log?

I got call from customer today that they have some ping loss between Meraki VPN (Malaysia <-> Korea).

So, I checked event log, and there are quite amount of VRRP transition and Internet Martian log.

 

I know what VRRP transition log means, but it came up blank about Internet Martian log.

Even Meraki documentation doesn't mentioned about Internet Martian log.

It comes from MX, so it seems that there are some problem with local Internet, but I cannot sure.

 

Does anybody have experience about Internet Martian log?

9 REPLIES 9
BrechtSchamp
Kind of a big deal

Martian, martion, what exactly do you find in the log. Could you copy and paste the exact log?

Kamome
Building a reputation

It's "Internet Martian". I made some typos and fixed it. Sorry for causing confusion.

Here is exact log.

 

Jun 25 12:33:48LGHH_ML_VPN_Ae0:cb:bc:9c:73:20Internet martiansource_client_ip: 192.168.100.1, source_client_mac: E0:CB:BC:9C:73:20, source_client_assigned_vlan: 1  
last_illegal_ip0.0.0.1
client_total_illegal_packets515
all_total_illegal_packets519
last_reported_total518
BrechtSchamp
Kind of a big deal

A client seems to be trying to communicate with 0.0.0.1. That's not a real address so that error comes up. Likely unrelated to your problem.

Kamome
Building a reputation

So, it was client side problem, not Meraki or Internet?
MAC address e0:cb:bc:9c:73:20 is spare device, and it doesn't have uplink connection for now.
Why spare device tries to communicate with 0.0.0.1?
BrechtSchamp
Kind of a big deal

Oh, is it the Mac address of the warm spare device? In that case it may be related to vrrp. What's your physical topology like? Do you have a drawing?

Kamome
Building a reputation

Here it is. MS is working as L3 switch, and MX and MS are in warm-spare configuration.

There was Internet for MX#2, but after office move out, it's not available for now.

 

topology.png

BrechtSchamp
Kind of a big deal

Check out this page:

https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair

 

recommended_HA_design

 

The recommended topology is not to have a direct link in between the MXs, and each MX linked up to each switch. Perhaps you can try that topology and see if it solves your issues.

 

 

Normally

 

Martian packets may be the result of  IP address spoofing but can also arise from network equipment malfunction or an inchoate host configuration.

 

In Linux speak, a martian packet is an IP packet received by an interface on a device, and the routing tables indicate that the source IP usually arrives on another interface.

 

It is probably a configuration issue, if not configuration it might be innocuous.

 

For example, on another (non-Meraki) security gateway, I have to set up a "virtual switch" on the uplink to a VDSL modem, in order to effect a separate and co-existent IP address on the WAN port connected to the modem. This is a Pseudo Ethernet port and combined with a Masquerade NAT rule effectively spoofs an IP address - so it turns up as Life On Mars in the logs, but for the network it is Fire up the Quattro as one can access the modem's GUI interface from any down stream device.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels