Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Vato_Chantladze
Contributor
Contributor
Jump to solution

Is CP planning to support Load-Sharing in future releases?

Hi,

As you know, MB-30 limitation is set for R80.20:

ClusterXL R80.20 Administration Guide: The R80.20 ClusterXL does not support the Load Sharing mode (R80.20 Known Limitation MB-30).

I have started thinking about this topic because the Check Point released R80.20 without Load Sharing option. 

In general, what is your opinion, is CP planning to continue support for Load-Sharing Active-Active state in future releases?

 

BR
Vato

1 Solution

Accepted Solutions
13 Replies
Danny
Champion Champion
Champion

Here is the relevant link to R80.20 Known Limitations - ClusterXL.

Check Point plans to bring back support for Load Sharing in H1/2019.

I also can't understand how Check Point can state in sk95746 that R80.20 'is considered Check Point's default version (widely recommended for all deployments)' while excluding all Load Sharing customers in Known Limitations and let them stay to R77.30 as previous recommend release that expires in.. wait a second.. September 2019. We have many Load Sharing customers for a reason. It works well and reduces the load that one clusternode alone is not capable of handling. Of course there are Load Sharing limitations one has to consider. Yes it's not very efficent but truth is that it helps resolving performance issues very well.

Maestro as a way out from ClusterXL Load Sharing?

Maestro is a Mellanox solution running on Mellanox OS. In redundant environments you would need at least two Mellanox er.. Maestro appliances and then three Check Point appliances to get the same performance Load Sharing with three Check Point appliances provides. That's five appliances instead of three. I see Maestro more as a solution for really big customers with very high demands for scalability, not the average mid-to-high size end user with standard demand for a single high performance load sharing cluster. I've never seen any official recommendation against ClusterXL Load Sharing, only some comments from Val here against it. As long as there is no official statement against Load Sharing it as an avid customer requirement Check Point should provide and support at the same level of service and quality as for HA.

Vato_Chantladze
Contributor
Contributor
R80.20 was released on September 26, 2018. As of January 15th, 2019, R80.20 Take 101 with Jumbo Hotfix Accumulator take_17 (described in sk137592) is considered as Check Point's default version (widely recommended for all deployments).

It's strange that R80.20 is set as default recommended version for all deployments. Many customers are using Load-Sharing mode from R77.X - R80.10, They are unable to upgrade based on this limitation. 

 

Regarding Maestro, yes, It is a far different story. This is definitely for big customers, not for them who have 2x or 3x appliances and want to increase performance by changing HA mode. 

Timothy_Hall
Legend Legend
Legend

In regards to ClusterXL Load Sharing, it is true that there are no official recommendations against it but it was "unofficially" discouraged.  But based on my experience I went a lot further in the first edition of my book, explicitly stating in writing that ClusterXL Load Sharing introduces a level of complexity that is generally not worth the performance gains in most situations.  This pronouncement remained basically the same in the second edition of my book.

Now I'll admit that I was quite nervous about this statement in the first edition (along with some others involving SecureXL) and actively wondered if I should soften it prior to publication, expecting that I might catch some serious flak for it from individuals both inside and outside of Check Point.  To date the amount of grief I have received for this statement is...exactly zero.  In fact I have received wholehearted support and praise for saying it, which I want to reiterate is only my personal opinion.

Even though I am definitely not a fan of ClusterXL Load Sharing, I was a bit surprised to see that it wasn't supported in R80.20, along with the ability to use IPv6 with the new 3.10 kernel.  I assume R80.30 will eliminate these limitations, especially since the R80.30 EA was announced shortly after R80.20 was officially recommended.

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
An_Nguyen
Participant

We have been using the ClusterXL Load Sharing because we have two different ISPs that come into each physical location. Without additional Load Balancer (like F5 or something similar), we probably won't be able to utilize both ISPs all the time. CheckPoint Load Balancing Active/Active works great for this.

0 Kudos
_Val_
Admin
Admin

@An_Nguyen I believe you are mixing ISP redundancy in a Load Sharing mode (supporting two different ISPs at the same time, as in your case) and ClusterXL Load Sharing. 

 

Those are different features

0 Kudos
PhoneBoy
Admin
Admin

Load Sharing has a few limitations, see:

The amount of sync traffic required for ClusterXL Load Sharing significantly limits its scalability, particularly as you get into 3 and 4 node clusters.

It also reduces overall cluster resiliency in the case where one member fails, particularly if you are utilizing the load sharing cluster at or near capacity.

Given the above, I usually advocate for buying right-sized appliances for an HA configuration versus buying smaller appliances using load sharing.

And, in fact, this is what the vast majority of our customers do.

Maestro solves a lot of these limitations and improves scalability dramatically over ClusterXL Load Sharing.

Vato_Chantladze
Contributor
Contributor

Hi!

I'm not a big fan of ClusterXL Load-Sharing mode. I'm sure no one thinks every customer should use it during project planning outline. And I fully agree with the fact that every customer should buy a solution where they will leave room for growth!

And after that, there is a reality, wherein some scenarios customers are forced to use active-active mode because they need additional resources from the devices. At least for some time until they will purchase new and bigger appliances Smiley Happy

I hope CP will not "kill" this feature and as you mentioned they will support it in future releases.

BR

0 Kudos
PhoneBoy
Admin
Admin

As was noted previously, we do plan to bring it back later this year.

nsoares
Explorer

Does the R80.30 release support load sharing?

0 Kudos
Dmitrijs_Uljano
Explorer

NO

0 Kudos
_Val_
Admin
Admin
0 Kudos
ginnanas
Explorer
When will it be available again?
0 Kudos
_Val_
Admin
Admin
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events