cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

cluster xl - failure- arp and pings

As far as I understand, in a failure scenario, the secondary node sends ARPs and pings in the segment to diagnose what member has a problem.
Does anybody know more details about it?

0 Kudos
6 Replies

Re: cluster xl - failure- arp and pings

The term you are looking for is "Interface Active Check".  See these SKs:

sk114804: Critical Device "Interface Active Check" on ClusterXL Member reports its state as "problem...

sk22495: Interface flapping (down/up) in a ClusterXL environment

http://downloads.checkpoint.com/dc/download.htm?ID=25321 (ATRG for ClusterXL)

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos

Re: cluster xl - failure- arp and pings

At sk31085 says
"In addition, the secondary will attempt ARP
requests to hosts belonging to the affected segment, and will begin pings to those
hosts that respond. This is done in an attempt to diagnose which member has the
problem."

I guess we can't tweak or customize any of that, can we?

0 Kudos

Re: cluster xl - failure- arp and pings

Sure you can, but I'd suggest obtaining a thorough understanding of what is actually happening before changing any of these:

sk97827: How to change ClusterXL Interface Monitoring Timeouts

Also note that in many cases more than one of these kernel values is used to calculate various ClusterXL timers, so be sure to understand those interrelationships before changing individual values.

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos

Re: cluster xl - failure- arp and pings

The timeouts are okay, I was thinking of trying to give more weight to certain network segment vs other segments by having more host to ping in one segment than the other.

So for example I have two segments, one is important and the other one not so important. I want the HA cluster to fail over due to failures in the not so important segment only if there are no failures in the important segment.


0 Kudos

Re: cluster xl - failure- arp and pings

As mentioned in the thread below there isn't a way to define priorities for different ClusterXL Virtual/Cluster IPs, at least that I'm aware of.  Might make for a good RFE...

Cluster XL - Interfance preference 

--
"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com

Re: cluster xl - failure- arp and pings

Thank very much Timothy. Very much appreciated.

0 Kudos