cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Vladimir
Pearl

Configuring dynamic routing in clustered VSX

I have run in to the situation where dynamic routing should be implemented on virtual systems in a clustered VSX environment. Can someone tell me if it should be done only on VS' on active cluster member and it will be automatically replicated, or should it be setup on each instance of VS?

Thank you,

Vladimir

8 Replies

Re: Configuring dynamic routing in clustered VSX

Oh dear... Last time I heard about VSX +DR was total disaster. I think customer ditched CP in favour of Juniper at the end. But that was a while ago, think it was R67 VSX Smiley Happy

0 Kudos
Vladimir
Pearl

Re: Configuring dynamic routing in clustered VSX

Well, they have it running now and it's been stable for years. Nothing too complicated: OSPF stub zones and passive interfaces facing hosts.

I am looking at making alterations to their environment and am looking at moving some of their stuff to a bridge-mode VS', but there are still some systems that need to receive the routes from the rest of the infrastructure.

Unfortunately, unless I am not looking in the right places, there is nothing in documentation specifically applicable to clustered systems and dynamic routing. Just references to the Advanced Routing documentation that describing the methods from a single system perspective only.

0 Kudos
Ni_c
Nickel

Re: Configuring dynamic routing in clustered VSX

We were running OSPF on one of our production 61K in VSX with no high availability. However we need to configure DR separately on each cluster member. Have a look at here

Check Point VSX R80.10 (for future PDF publishing) Administration Guide 

0 Kudos
Highlighted
Vladimir
Pearl

Re: Configuring dynamic routing in clustered VSX

May be it's just improper wording, but it says:

"You can also configure dynamic routing separately on each cluster member."

This can be interpreted as not being mandatory.

It can also refer to the dynamic routing on VS0 only.

I am trying to determine if I must configure dynamic routing on all instances of Virtual Systems located on all cluster members, or doing it on a single one running on Active cluster member is sufficient.

0 Kudos
XBensemhoun
Silver

Re: Configuring dynamic routing in clustered VSX

Hi Vladimir,

I have implemented with success OSPFv2 on 23600 VSX Cluster ; no issue.

Each instance has been configured (duplicate configuration on each VSX Gateway for the same VS id) ; start with the Secondary node and then the Primary in order to avoid cluster issues. Cloning group should help about synchronization of needed configuration but I do not use it.

Just : take care regarding OSPF Point-to-Point network (sk116500‌).

Vladimir
Pearl

Re: Configuring dynamic routing in clustered VSX

Thank you!

Vladimir Yakovlev

973.558.2738

vlad@eversecgroup.com

0 Kudos
Employee+
Employee+

Re: Configuring dynamic routing in clustered VSX

Hi Xavier,

can you elaborate: did you have OSPF on VSX(s) or VSs running on VSX?

0 Kudos
XBensemhoun
Silver

Re: Configuring dynamic routing in clustered VSX

We do not use context 0 as a 'firewall' but only all others context (VSid = 1, 2, ...) so we use OSPF on all our VS.

To be more descriptive:

In the following case:

  1. there is one dedicated bond for each VS (bond.1 for VS id 1, bond.2 for VS id 2, ...)
  2. there is one vlan (example : id 1001) to communicate with core switch ; such interface will be the External
  3. the area backbone range is 192.168.0.0/16
  4. off course if you have a cluster : same configuration should be applied on both nodes members
  5. the cost and priority is set on this example to 100 and 200

We have the following configuration applied at the creation process of any VS:

VSXHost:1> show configuration ospf

show instance 1 configuration ospf

set ospf area backbone on

set ospf interface bond1.1001 area backbone on

set ospf interface bond1.1001 hello-interval 1

set ospf interface bond1.1001 dead-interval 3

set ospf interface bond1.1001 cost 100

set ospf interface bond1.1001 priority 200

set ospf interface bond1.1001 authtype md5 key 2 secret ****

set ospf area backbone range 192.168.0.0/16 on

set virtual-system 2
Context is set to vsid 2

VSXHost:2> show configuration ospf

show instance 2 configuration ospf

set ospf area backbone on

set ospf interface bond1.1002 area backbone on

set ospf interface bond1.1002 hello-interval 1

set ospf interface bond1.1002 dead-interval 3

set ospf interface bond1.1002 cost 100

set ospf interface bond1.1002 priority 200

set ospf interface bond1.1002 authtype md5 key 2 secret ****

set ospf area backbone range 192.168.0.0/16 on

...

And then, any time you create an interface, you add on the VSXHost the following line (here : for a vlan 12 on the VS id 2):

set ospf interface bond2.12 area backbone on
set ospf interface bond2.12 priority 1
set ospf interface bond2.12 passive on