This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DR_74
Collaborator
‎2021-04-08 01:07 AM
Jump to solution

How to failover a VSX cluster in VSLS mode?

Hi,

I need to perform a full failover of my VSX Cluster XL environment for a maintennace window. (R80.30)

Right now, the VSX cluster uses VSLS but all VSs are active on the same VSX node (member1).

So what would be the best way to force a full failover to the VSX member2?

I read sk56060 which says the best way is "clusterXL_admin down" but in sk95133, it is said that with "clusterXL_admin down" the VS do not become active on the Active Member.

In our case we need to have all VS switched to VSX member2 (included vs0)

Thanks for clarification and help

 

0 Kudos
3 Solutions

Accepted Solutions
Sigbjorn
Advisor
Advisor
‎2021-04-08 01:18 AM
Jump to solution

The proper way to do a controlled failover would be to use the "vsx_util vsls" tool.

Run it on the management server, and connect to the vsx cma/sms to change priority and move the virtual systems.

View solution in original post

Sigbjorn
Advisor
Advisor
‎2021-04-08 01:36 AM
In response to DR_74
Jump to solution

That's just to configure the distribution of the virtual systems. We don't process traffic on vs0 for our VSX clusters, that's just for management, snmp etc, so a failover there wouldn't be required for normal upgrade operations.

If you must failover vs0 as well, I think clusterXL_admin down in that context is a decent option.

View solution in original post

Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-04-08 07:17 AM
In response to DR_74
Jump to solution

You can always just run 'cphastop'. It's a bit brute force, but should stop clustering entirely on the member where it is run, which will cause the other members to realize it's down and rebalance.

You mentioned you're using VSLS, but all your active contexts are on the same member. That seems odd. Are you sure you're using VSLS and not normal HA?

View solution in original post

7 Replies
Sigbjorn
Advisor
Advisor
‎2021-04-08 01:18 AM
Jump to solution

The proper way to do a controlled failover would be to use the "vsx_util vsls" tool.

Run it on the management server, and connect to the vsx cma/sms to change priority and move the virtual systems.

DR_74
Collaborator
‎2021-04-08 01:25 AM
In response to Sigbjorn
Jump to solution

Hello,

Thanks for the reply.

Does this also failover the vs0? or only the other vs?

0 Kudos
Sigbjorn
Advisor
Advisor
‎2021-04-08 01:36 AM
In response to DR_74
Jump to solution

That's just to configure the distribution of the virtual systems. We don't process traffic on vs0 for our VSX clusters, that's just for management, snmp etc, so a failover there wouldn't be required for normal upgrade operations.

If you must failover vs0 as well, I think clusterXL_admin down in that context is a decent option.

DR_74
Collaborator
‎2021-04-08 01:38 AM
In response to Sigbjorn
Jump to solution

Actually, we need to perform a failover for a Case.

We were asked to switch everything on the other node (all VS including vs0).

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-04-08 07:17 AM
In response to DR_74
Jump to solution

You can always just run 'cphastop'. It's a bit brute force, but should stop clustering entirely on the member where it is run, which will cause the other members to realize it's down and rebalance.

You mentioned you're using VSLS, but all your active contexts are on the same member. That seems odd. Are you sure you're using VSLS and not normal HA?

DR_74
Collaborator
‎2021-04-08 07:56 AM
In response to Bob_Zimmerman
Jump to solution

Yes, VSLS is used as if we are in HA mode. Just in case one day we need to share VS on the different VSX.

Thanks to your answer I was able to play with:

- clusterXL_admin up|down to failover a single VS (1 by 1)

- cphastop to failover everything in 1 command

- vsx_util vsls to switch VS without putting in DOWN state

 

0 Kudos
Anthony_Kahwati
Collaborator
‎2021-04-08 07:50 AM
In response to Sigbjorn
Jump to solution

Agree with this as well. We have always used vsx_util to manually move the VS's until we want them back where they belong. If it is for a case, this sounds like the best and cleanest option.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events