I got a call from a customer today that they have some ping loss between Meraki VPN (Malaysia <-> Korea).
So, I checked the event log, and there is quite a number of VRRP transition and Internet Martian logs.
I know what the VRRP transition log means, but I came up blank on the Internet Martian log.
Even the Meraki documentation doesn't mention the Internet Martian log.
It comes from the MX, so it seems that there is some problem with the local Internet, but I can't be sure.
Does anybody have experience with the Internet Martian log?
Martian, martion, what exactly do you find in the log? Could you copy and paste the exact log?
It's "Internet Martian". I made some typos and fixed it. Sorry for causing confusion.
Here is the exact log.
Jun 25 12:33:48 | LGHH_ML_VPN_A | e0:cb:bc:9c:73:20 | Internet martian | source_client_ip: 192.168.100.1, source_client_mac: E0:CB:BC:9C:73:20, source_client_assigned_vlan: 1
A client seems to be trying to communicate with 0.0.0.1. That's not a real address so that error comes up. Likely unrelated to your problem.
Oh, is it the MAC address of the warm spare device? In that case it may be related to VRRP. What's your physical topology like? Do you have a drawing?
Here it is. The MS is working as an L3 switch, and the MX and MS are in warm-spare configuration.
There was Internet for MX#2, but after the office move-out, it's not available for now.
Check out this page:
https://documentation.meraki.com/MX/Deployment_Guides/MX_Warm_Spare_-_High_Availability_Pair
The recommended topology is not to have a direct link in between the MXs, and each MX linked up to each switch. Perhaps you can try that topology and see if it solves your issues.
Normally
Martian packets may be the result of IP address spoofing but can also arise from network equipment malfunction or an inchoate host configuration.
In Linux speak, a martian packet is an IP packet received by an interface on a device, and the routing tables indicate that the source IP usually arrives on another interface.
It is probably a configuration issue; if not configuration, it might be innocuous.
For example, on another (non-Meraki) security gateway, I have to set up a "virtual switch" on the uplink to a VDSL modem, in order to effect a separate and co-existent IP address on the WAN port connected to the modem. This is a Pseudo Ethernet port and combined with a Masquerade NAT rule effectively spoofs an IP address - so it turns up as Life On Mars in the logs, but for the network it is Fire up the Quattro as one can access the modem's GUI interface from any downstream device.
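As an added example (not from any poster in this thread and not Meraki's code), the Linux-style definition quoted above can be written as a strict reverse-path check and run against the event line posted earlier. The routing table and the "vlan" + number interface naming are constructed assumptions; the thread does not say how the MX itself decides what is a martian.

```python
import ipaddress
import re

# Constructed routing table (assumption): prefix -> interface it is reached through.
ROUTES = [("0.0.0.0/0", "wan1"), ("192.168.100.0/24", "vlan100"), ("10.0.1.0/24", "vlan1")]

# The event line quoted earlier in the thread.
SAMPLE_LINE = (
    "Jun 25 12:33:48 | LGHH_ML_VPN_A | e0:cb:bc:9c:73:20 | Internet martian | "
    "source_client_ip: 192.168.100.1, source_client_mac: E0:CB:BC:9C:73:20, "
    "source_client_assigned_vlan: 1"
)

FIELDS = re.compile(
    r"source_client_ip:\s*(?P<ip>[0-9.]+),\s*"
    r"source_client_mac:\s*(?P<mac>[0-9A-Fa-f:]+),\s*"
    r"source_client_assigned_vlan:\s*(?P<vlan>\d+)"
)

def parse_event(line):
    """Extract source IP/MAC and arrival interface from one event line, or None."""
    m = FIELDS.search(line)
    if m is None:
        return None
    cols = [c.strip().lower() for c in line.split("|")]
    device_mac = cols[2] if len(cols) > 3 else None  # third column: reporting device
    mac = m["mac"].lower()
    return {"ip": m["ip"], "mac": mac, "iface": "vlan" + m["vlan"],
            "self_sourced": mac == device_mac}  # source MAC is the device's own MAC

def expected_interface(src_ip, routes=ROUTES):
    """Longest-prefix match: the interface the routing table uses to reach src_ip."""
    src = ipaddress.ip_address(src_ip)
    nets = [(ipaddress.ip_network(p), iface) for p, iface in routes]
    hits = [(n, iface) for n, iface in nets if src in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def is_martian(src_ip, arrival_iface, routes=ROUTES):
    """True if the source cannot legitimately arrive on arrival_iface."""
    src = ipaddress.ip_address(src_ip)
    if src.is_unspecified or src.is_loopback or src.is_multicast:
        return True  # never valid as a unicast source on the wire
    return expected_interface(src_ip, routes) != arrival_iface

if __name__ == "__main__":
    ev = parse_event(SAMPLE_LINE)
    print(ev, "martian:", is_martian(ev["ip"], ev["iface"]))
```

With a real device, replace `ROUTES` with the actual route table; the `self_sourced` flag marks events where the source MAC equals the reporting device's MAC, as in the line above.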