LostBoY
Advisor

Selection of Member GW in an Active Active Geo Cluster

I have 2 R80.40 Geo Clusters configured in AWS. In one of the clusters, FW2 passes all the traffic, and in the other cluster, FW1.

I was wondering what factor determines which member will pass the traffic in an Active-Active Geo Cluster. Will this change only if there is a failover?

the_rock
Authority

I had a customer ask me that exact question before, but was never able to find out the answer either. Hopefully someone will be able to help.

the_rock
Authority

This is helpful, but still not sure it gives us the answer we are looking for...

 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_ClusterXL_AdminGuide/Topics-CXLG/A...

LostBoY
Advisor

Yeah, I read this one, but unfortunately it doesn't answer our query.

PhoneBoy
Admin

Both members are active (thus why it’s called Active Active), so there isn’t really a failover.
What determines what node is used for a given flow is routing (either dynamic routing or routing tables in the VPC).

LostBoY
Advisor

Thanks for the reply. So how is the member selected for passing traffic in a cluster?

I have assigned secondary IPs on both firewalls' eth0 interfaces. These secondary IPs are also mapped to an Elastic IP. I want to use these for outgoing traffic to the internet, and there is a necessity to host these with a static Elastic IP. I defined a manual NAT for the outgoing traffic of a web server.

The problem is, if FW2 is active, traffic goes via the Elastic IP associated with its interface. Suppose FW1 starts to take traffic responsibility tomorrow; then there is a different Elastic IP associated with it. I am not sure how the transfer will take place, or do I have to use NAT of a different kind here?

Nir_Shamir
Employee

With an Active/Active Cluster there is no VIP. The client will be NATed with the public IP of the current "ACTIVE" member in the cluster, so it will be one of two IP addresses.

ayelete
Employee

In the AWS Active-Active Geo cluster configuration, one member acts as a 'Master' member and the other one as 'Slave'.
The 'Master' will always be the one passing traffic, unless there's a failover, and then the 'Slave' will take control. Once the 'Master' is back up, the control will again go back to him.

The factor that determines who is the 'Master' is their IPs. The member with the lower IP will be the 'Master' (we test on sync interface - eth1, but also eth0 should have the same behavior).

e.g:

mem A eth1 IP: 10.0.0.1
mem B eth1 IP: 10.0.0.2

Since mem A IP < mem B IP -> mem A will be the 'Master'.

Hope that this answers your question.
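
A small model of the selection rule in the reply above, combined with the earlier point that outbound clients are NATed behind the active member's public IP. This is an added example, not Check Point code; the public IPs are constructed sample values from a documentation range, and comparing the IPs numerically is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Member:
    name: str
    sync_ip: str      # eth1 (sync) address, as in the reply's example
    public_ip: str    # Elastic IP on the member (constructed sample value)
    healthy: bool = True

def master(members):
    """Member with the lowest sync IP. Comparison is numeric (assumption):
    as strings, '10.0.0.10' would sort below '10.0.0.9'."""
    return min(members, key=lambda m: ipaddress.ip_address(m.sync_ip))

def passing_traffic(members):
    """The 'Master' if it is up, else the remaining healthy member.
    Because this depends only on current health, control returns to the
    'Master' as soon as it recovers, as the reply describes."""
    up = [m for m in members if m.healthy]
    return master(up) if up else None

def egress_ip(members):
    """Public source IP a remote peer sees for outbound NATed traffic."""
    active = passing_traffic(members)
    return active.public_ip if active else None

def egress_allowlist(members):
    """All public IPs a peer must accept so that failover does not break
    source-IP based filtering on the remote side."""
    return sorted(m.public_ip for m in members)

# Constructed sample: sync IPs from the reply, public IPs from TEST-NET-3.
CLUSTER = [
    Member("mem A", "10.0.0.1", "203.0.113.10"),
    Member("mem B", "10.0.0.2", "203.0.113.20"),
]

if __name__ == "__main__":
    print("normal:   ", egress_ip(CLUSTER))
    CLUSTER[0].healthy = False
    print("failover: ", egress_ip(CLUSTER))
    CLUSTER[0].healthy = True
    print("restored: ", egress_ip(CLUSTER))
    print("allowlist:", egress_allowlist(CLUSTER))
```

Any remote party that filters on source IP needs both addresses from `egress_allowlist`, since the visible address changes on failover and changes back on recovery.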

the_rock
Authority

A ok, that's actually interesting, thanks for clarifying!
