abihsot__
Advisor

Cross-zone traffic with Cloudguard GWLB

 

Hi there,

I deployed CloudGuard R80.40 gateways in AWS using the GWLB for TGW template. After reading some documentation, I specifically made sure that cross-zone balancing is turned OFF and that the TGW attachment which contains the gateways is in appliance mode.

To my surprise I noticed that traffic is hitting random gateways. Any ideas how to further troubleshoot this issue?

0 Kudos
2 Replies
HeikoAnkenbrand
Champion

By default, AWS attempts to keep a zonal affinity for traffic, meaning that traffic sourced in an AZ maintains that AZ at each hop.

To remedy this behavior and to provide maximum HA coverage for the CGNS Auto Scaling Group, Check Point recommends enabling Cross Zone Load Balancing on GWLB. This feature allows GWLB to distribute traffic across all targets in all enabled AZs to provide the greatest HA coverage. This feature will result in incurring inter-AZ data transfer charges.

Check Point’s CloudFormation deployments for GWLB enable Cross AZ load balancing by default.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
abihsot__
Advisor

Hi there,

This is very clear, however in the CloudFormation template you have a parameter to enable/disable cross-AZ balancing, where I selected "false" during initial deployment, but it still does cross-AZ balancing.

 

  CrossZoneLoadBalancing:
    Description: Select 'true' to enable cross-az load balancing. NOTE! this may cause a spike in cross-az charges.
    Type: String
    Default: true
    AllowedValues:
      - true
      - false
0 Kudos
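
One way to check whether the deployed settings match what was selected in the template, as an added example that is not part of the thread or of Check Point's template: it compares the stack's `CrossZoneLoadBalancing` parameter with the load balancer's `load_balancing.cross_zone.enabled` attribute and checks appliance mode on the TGW attachment. The JSON below is constructed sample data in the shape the AWS CLI returns, and the function names are hypothetical.

```python
import json

# Constructed sample outputs (not from the thread), in the JSON shapes returned by:
#   aws cloudformation describe-stacks --stack-name <stack>
#   aws elbv2 describe-load-balancer-attributes --load-balancer-arn <gwlb-arn>
#   aws ec2 describe-transit-gateway-vpc-attachments --transit-gateway-attachment-ids <id>
STACK = json.loads('''{"Stacks": [{"Parameters": [
  {"ParameterKey": "CrossZoneLoadBalancing", "ParameterValue": "false"}]}]}''')
GWLB_ATTRS = json.loads('''{"Attributes": [
  {"Key": "deletion_protection.enabled", "Value": "false"},
  {"Key": "load_balancing.cross_zone.enabled", "Value": "true"}]}''')
TGW_ATTACH = json.loads('''{"TransitGatewayVpcAttachments": [
  {"TransitGatewayAttachmentId": "tgw-attach-EXAMPLE",
   "Options": {"ApplianceModeSupport": "enable"}}]}''')


def requested_cross_zone(stack):
    """Value of the template's CrossZoneLoadBalancing parameter, or None."""
    for p in stack["Stacks"][0].get("Parameters", []):
        if p["ParameterKey"] == "CrossZoneLoadBalancing":
            return p["ParameterValue"].lower() == "true"
    return None


def deployed_cross_zone(attrs):
    """Cross-zone setting actually in effect on the load balancer, or None."""
    for a in attrs.get("Attributes", []):
        if a["Key"] == "load_balancing.cross_zone.enabled":
            return a["Value"].lower() == "true"
    return None


def audit(stack, attrs, attachments):
    """Return a list of findings; an empty list means the settings agree.
    Pass only the attachment(s) of the VPC that holds the gateways."""
    findings = []
    want, have = requested_cross_zone(stack), deployed_cross_zone(attrs)
    if have is None:
        findings.append("cross-zone attribute missing from GWLB attributes")
    elif want is not None and want != have:
        findings.append(f"cross-zone drift: template={want} deployed={have}")
    for att in attachments.get("TransitGatewayVpcAttachments", []):
        if att.get("Options", {}).get("ApplianceModeSupport") != "enable":
            findings.append(f"appliance mode off: {att['TransitGatewayAttachmentId']}")
    return findings


if __name__ == "__main__":
    for line in audit(STACK, GWLB_ATTRS, TGW_ATTACH) or ["no findings"]:
        print(line)
```

A drift finding means the load balancer's attribute differs from the stack parameter, so the place to look is the load balancer itself rather than the gateways.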
