Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Tuannnnnnnnn
Participant

Rebooting one of MHOs causing disruption to VSX management traffic

Hi folks,

Encountered this issue as we are about to migrate to Check Point Maestro.

We are deploying single-site dual MHOs, with a single security group of 2 SGWs. Underneath we have configured 2 VSX, VS0 as management and VS1 is being used for data traffic.

image.png

The management links of SecGroup are connected to Cisco FEX (in Enhanced vPC). The port-channel itself on Cisco side is configured mode On, and bonding mode for Magg is configured as XOR.

When we try to reboot MHO-02, we started seeing disruption to management IP of VS0 for about a minute (which seems longer than our expectation). Everytime, roughly 25-26 ICMP packets from outside were dropped. However, when rebooting MHO-01, such disruption did not occur.

Data was not affected in the meantime. We tried pinging from SMC (whose IP is on the same subnet as VS0's MGMT IP) and did not see any drop either.

Has anyone seen or encountered the same?

 

Tuan

0 Kudos
0 Replies