Selection of Member GW in an Active Active Geo Cluster
I have 2 R80.40 Geo Clusters configured in AWS. In one of the clusters, FW2 passes all the traffic, and in the other cluster, FW1.
I was wondering what factor determines which member will pass the traffic in an Active-Active Geo Cluster. Will this change only if there is a failover?
I had a customer ask me that exact question before, but was never able to find out the answer either. Hopefully someone will be able to help.
This is helpful, but still not sure it gives us the answer we are looking for...
Yeah, I read this one, but unfortunately it doesn't answer our query.
Both members are active (thus why it’s called Active Active), so there isn’t really a failover.
What determines what node is used for a given flow is routing (either dynamic routing or routing tables in the VPC).
Thanks for the reply. So how is the member selected for passing traffic in a cluster?
I have assigned secondary IPs on both firewalls' eth0 interfaces. These secondary IPs are also mapped with an Elastic IP. I want to use these for outgoing traffic to the internet, and there is a necessity to host these with a static Elastic IP. I defined a manual NAT for the outgoing traffic of a web server.
The problem is, if FW2 is active, traffic goes via the Elastic IP associated with its interface. Suppose FW1 starts to take traffic responsibility tomorrow; then there is a different Elastic IP associated with it. I am not sure how the transfer will take place, or do I have to use NAT of a different kind here?
With an Active/Active cluster there is no VIP. The client will be NATed with the current "ACTIVE" member's public IP in the cluster, so it will be one of two IP addresses.
In the AWS Active-Active Geo cluster configuration, one member acts as a 'Master' member and the other one as 'Slave'.
The 'Master' will always be the one passing traffic, unless there's a failover, and then the 'Slave' will take control. Once the 'Master' is back up, control will again go back to it.
The factor that determines who is the 'Master' is their IPs. The member with the lower IP will be the 'Master' (we test on the sync interface, eth1, but eth0 should also have the same behavior).
E.g.:
mem A eth1 IP: 10.0.0.1
mem B eth1 IP: 10.0.0.2
Since mem A IP < mem B IP -> mem A will be the 'Master'.
Hope that this answers your question.
Ah OK, that's actually interesting, thanks for clarifying!