Rob_Gaal
Ivory

cluster xl start time after reboot

Hi,

We are currently testing a new R80.10 ClusterXL based firewall cluster and notice the following:

When rebooting one of the cluster members, the ClusterXL status of that member is Down for around 5 minutes before it moves over to Standby state:

cphaprob state


Cluster Mode: High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 192.168.1.2 100% Active
2 (local) 192.168.1.3 0% Down

Local member is in current state since Thu Nov 2 21:22:55 2017


Cluster Mode: High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 192.168.1.2 100% Active
2 (local) 192.168.1.3 0% Standby

Local member is in current state since Thu Nov 2 21:28:26 2017

Is this normal behavior?

Kind regards, Rob.

0 Kudos
2 Replies
Admin
Admin

Re: cluster xl start time after reboot

On the surface, that seems reasonable.

Before a cluster member is actually up and ready to accept traffic, the various processes have to be started, the security policy loaded, and connections from the other active system synced.

0 Kudos

Re: cluster xl start time after reboot

Upon the recovery of a cluster member, there is an extended handshake between the two cluster members that may take a while and includes a full sync. After a reboot and while the recovered member is still showing "Down", what do these commands show:

cphaprob -a if

cphaprob -ia list

You are likely to see something called a "Recovery Delay" in the output of the second command, which is more or less equivalent to a VRRP Cold Start Delay.  It is also possible the first command will show one or more interfaces as "Down" due to STP delays in your switchports, but that shouldn't last anywhere close to 5 minutes...

See the following for more info:  sk92353: Output of 'cphaprob -ia list' on ClusterXL shows a Critical Device called 'Recovery Delay'

--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
0 Kudos
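
The following added example (not written by any poster in this thread) parses the `cphaprob state` output shown in the question and computes how long the local member stayed Down before reaching its next state. The function names are hypothetical, and the parser assumes the line layout seen in the post's output.

```python
import re
from datetime import datetime

# Sample input: the two captures from the question (second one rebuilt from the first).
SNAPSHOT_DOWN = """\
Cluster Mode: High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 192.168.1.2 100% Active
2 (local) 192.168.1.3 0% Down

Local member is in current state since Thu Nov 2 21:22:55 2017
"""
SNAPSHOT_STANDBY = (SNAPSHOT_DOWN.replace("0% Down", "0% Standby")
                    .replace("21:22:55", "21:28:26"))

MEMBER_RE = re.compile(
    r"^(\d+)\s+(\(local\)\s+)?(\d+\.\d+\.\d+\.\d+)\s+(\d+)%\s+(\S.*)$")
SINCE_RE = re.compile(r"^Local member is in current state since (.+)$")


def parse_state(text):
    """Return member rows, the local member row, and its state-change time."""
    members, since = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = MEMBER_RE.match(line)
        if m:
            members.append({"id": int(m.group(1)), "local": bool(m.group(2)),
                            "address": m.group(3), "load": int(m.group(4)),
                            "state": m.group(5)})
        elif (s := SINCE_RE.match(line)):
            since = datetime.strptime(s.group(1), "%a %b %d %H:%M:%S %Y")
    local = next((x for x in members if x["local"]), None)
    if local is None or since is None:
        raise ValueError("no local member row or timestamp in output")
    return {"members": members, "local": local, "since": since}


def recovery_seconds(before, after):
    """Seconds the local member spent Down before entering its next state."""
    a, b = parse_state(before), parse_state(after)
    if a["local"]["state"] != "Down" or b["local"]["state"] == "Down":
        raise ValueError("expected a Down capture followed by a recovered one")
    return int((b["since"] - a["since"]).total_seconds())


if __name__ == "__main__":
    print(recovery_seconds(SNAPSHOT_DOWN, SNAPSHOT_STANDBY), "seconds in Down")
```

Run against captures taken after each test reboot, the result gives a consistent figure to compare with the "Recovery Delay" discussed in the second reply.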