That was a poorly worded question about allowed address pairs. I've seen this sort of thing done with allowed address pairs and port security enabled, so that's why I asked. Let's ignore it for now :)
Just to confirm and help debug, when trying to reach the vip through a router it fails (except when on the same compute node)? And in all cases the vip is reachable if not passing through a router? Do you have 1 router with interfaces for both networks, or something more complex?
That was a poorly worded question about allowed address pairs. I've seen this sort of thing done with allowed address pairs and port security enabled, so that's why I asked. Let's ignore it for now :)
Just to confirm and help debug, when trying to reach the vip through a router it fails (except when on the same compute node)? And in all cases the vip is reachable if not passing through a router? Do you have 1 router with interfaces for both networks, or something more complex?