cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

ClusterXL Issue

Jump to solution

Hi guys,

I have the problem that the Cluster XL change several times a go from active to standby. How can I analyze this issue? How get I the change out?

Regards

Ali

2 Solutions

Accepted Solutions

Re: ClusterXL Issue

Jump to solution

A typical issue is ClusterXL under freeze. ClusterXL administrator would like to suppress the messages printed by the Cluster Under Load (CUL) mechanism (see sk92723) in the /var/log/messages file and in the dmesg. I always enable this on the cluster to solve this "under freeze" issue.
 

1) Open vi and add the following settings 

  # vi $FWDIR/boot/modules/fwkern.conf

  add the Line:

  fwha_freez_state_machine_timeout=0

2) Reboot all Gateways

If that is not the issue, please send a message. Then I can give you further debugging informations.

Regards,

Heiko

Re: ClusterXL Issue

Jump to solution

The fwkern.conf file does not always exist by default.  So if the file is not there just go ahead and create it.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
11 Replies

Re: ClusterXL Issue

Jump to solution

Hi Ali,

- check cluster state (cphaprob stat)
- check interface error (cphaprob -a if )
- check change time (clish -c "show routed cluster-state detailed")
- check /var/log/messages

Regards

Heiko

Re: ClusterXL Issue

Jump to solution

In your firewall logs look for "Control" log entries (the associated icon is a wrench), as these will tell you exactly why the cluster failed over.  Filter "type:Control" can be used to find these log entries in the R77.30 SmartLog GUI or the R80+ SmartConsole.

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Re: ClusterXL Issue

Jump to solution

I can see cluster flapping during policy installation.

Re: ClusterXL Issue

Jump to solution

A typical issue is ClusterXL under freeze. ClusterXL administrator would like to suppress the messages printed by the Cluster Under Load (CUL) mechanism (see sk92723) in the /var/log/messages file and in the dmesg. I always enable this on the cluster to solve this "under freeze" issue.
 

1) Open vi and add the following settings 

  # vi $FWDIR/boot/modules/fwkern.conf

  add the Line:

  fwha_freez_state_machine_timeout=0

2) Reboot all Gateways

If that is not the issue, please send a message. Then I can give you further debugging informations.

Regards,

Heiko

Re: ClusterXL Issue

Jump to solution

Sorry, configure this on gateway and reboot the gateway.

Regards,

Heiko

Re: ClusterXL Issue

Jump to solution

Is this setting permanent after reboot?

Re: ClusterXL Issue

Jump to solution

Yes, it is permanent.

Regards,

Heiko

Re: ClusterXL Issue

Jump to solution

Hello Heiko,

it works perfectly. The gateway no longer flippig during policy installation.

Thanks for the help.

Ali

Re: ClusterXL Issue

Jump to solution

If you add parameters in $FWDIR/boot/modules/fwkern.conf file, then they survive a reboot and applied only after a reboot. This is mentioned in the provided sk92723, please read it carefully first. You can additionally read Changing kernel global parameters article.

You can also try to change a parameter by the following commands (applied on-the-fly, not survive a reboot):

fw ctl get in <paramater>

fw ctl set int <parameter> <value>

Example for CUL mechanism, that Heiko provided:

fw ctl get int fwha_freez_state_machine_timeout - prints current value of the parameter

fw ctl set int fwha_freez_state_machine_timeout 0 - sets value for the parameter

I would recommend to try it first, and see if it helps.

Re: ClusterXL Issue

Jump to solution

Hi Haiko,

Your solution is correct, I have applied on one cluster and it works smooth. But I have one more cluster have the same problem, but the file is not available. 

If this file vi $FWDIR/boot/modules/fwkern.conf is not available then, what we can?

 

Regards

Yatiraj

Re: ClusterXL Issue

Jump to solution

The fwkern.conf file does not always exist by default.  So if the file is not there just go ahead and create it.

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com