
Sync interface IP assignment best practice


What is the best practice for assigning IPs to the sync interface?

We are using RFC 1918 IPs with a /30 for the sync interfaces. Recently we discovered this problem: the IPs that we are using are also used on the network. When traffic to these destinations hits the firewall, it promptly drops the packets due to the stealth rule, and also the route is learned as connected. Is there any way we can exclude the sync interface from being advertised? Or do I need to re-IP all of my firewalls' sync interfaces to use an IP such as 127.0.0.0/30? Thanks.

 

C 192.168.80.0/30 is directly connected, eth3-01 Sync


Accepted Solutions
Admin

Re: Sync interface IP assignment best practice

If your sync IPs are in use elsewhere in your environment, you will need to change your sync IPs.
They should be unique to the cluster and not in use anywhere else in your environment.


4 Replies

Re: Sync interface IP assignment best practice


See ClusterXL Administration Guide R80.20:

We recommend that you secure the synchronization interfaces using one of the following strategies: 

• Use a dedicated synchronization network. 

• Connecting the physical network interfaces of the Cluster Members directly using a cross-cable. In a cluster with three or more members, use a dedicated hub or switch. 

Notes: 

• See Supported Topologies for Synchronization Network (on page 26). 

• You can synchronize members across a WAN. To do this, do the steps in Synchronizing Clusters on a WAN (on page 54). 

• In ClusterXL, the synchronization network is supported on the lowest VLAN tag of a VLAN interface. For example, if three VLANs with tags 10, 20 and 30 are configured on interface eth1, only interface eth1.10 may be used for synchronization. 


Re: Sync interface IP assignment best practice


Sorry if I wasn't clear with my question.

I want to know what the best practice is for IP assignment to the Sync interface. I am using 192.168.80.1 and 192.168.80.2 for the firewalls with a /30 mask. This is a private range and I never thought it would cause a problem until I found out there is an actual system using the same IP. So when the packet arrives at the firewall, the firewall sees the destination as directly connected and drops the packet. From the firewall's route table perspective, I never thought the crossover cable for the Sync interface would be advertised, but it is, and it's a problem.

The question is: do I need to re-IP the sync interfaces? Or, my preference, how do I stop the sync interface IPs from being advertised?

 


Re: Sync interface IP assignment best practice

There is a range of IPs that will not be routed anywhere and should only be used for network connections; this is the 100.64.0.0-100.127.255.255 range, also called the ISP range.
IPs from this range will not interfere with anything else and are growing in popularity for this kind of use.
Regards, Maarten
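
The uniqueness requirement from the accepted solution can be checked before a cluster is built or re-addressed. The following is an added example, not part of the thread and not Check Point tooling: it reports which in-use prefixes collide with a sync subnet and picks the first free /30 from a reserved pool. The `IN_USE` list is constructed sample data (in practice it would come from your IPAM or routing tables), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: prefixes already routed or assigned in the environment.
IN_USE = ["10.20.0.0/16", "192.168.80.2/32", "100.64.0.0/29"]


def audit_sync_subnet(sync_cidr, in_use_cidrs):
    """Return the in-use prefixes that overlap the cluster sync subnet."""
    # strict=False lets a host address such as 192.168.80.1/30 be passed in.
    sync = ipaddress.ip_network(sync_cidr, strict=False)
    conflicts = []
    for cidr in in_use_cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        if net.version == sync.version and net.overlaps(sync):
            conflicts.append(str(net))
    return conflicts


def first_free_subnet(pool_cidr, in_use_cidrs, prefixlen=30):
    """Return the first subnet of the given length in the pool that
    overlaps nothing in use, or None if the pool is exhausted."""
    pool = ipaddress.ip_network(pool_cidr)
    used = [ipaddress.ip_network(c, strict=False) for c in in_use_cidrs]
    used = [u for u in used if u.version == pool.version]
    for candidate in pool.subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    return None


if __name__ == "__main__":
    # The sync addressing from the original question.
    current = "192.168.80.1/30"
    clashes = audit_sync_subnet(current, IN_USE)
    if clashes:
        print(f"{current} overlaps in-use prefixes: {', '.join(clashes)}")
        # Pool value is the range mentioned in the last reply; substitute
        # whatever range your organisation reserves for cluster sync links.
        print("suggested replacement:", first_free_subnet("100.64.0.0/10", IN_USE))
    else:
        print(f"{current} is unique in the supplied prefix list")
```

The result is only as good as the prefix list supplied, so feed it every routed and statically assigned range, not just the networks attached to the firewall.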