This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Maarten_Sjouw
Champion
Champion
‎2020-03-04 12:25 AM

Uplink Bonding in a VSX Maestro Dual Site environment

Been trying to find this in the documentation but there is very little to find on this.

Single site is easy, but how to go about a dual site? I have 2 interfaces on site 1 and 2 interfaces on site 2, now I need to create a VSX environment, do I create a cluster (a security group per site) or a single gateway? If a single gateway do I add all 4 interfaces to the same bond? In LACP (VPC) Mode would that work? 

There is nothing in the R80.20SP VSX admin guide, nor in the R80.20SP admin guide, in the Maestro R80.20SP Getting Started Guide there is some information on the usage of Bond interfaces for Uplinks but it is only very basic and it refers to the Maestro Gaia R80.20SP Administration Guide which also does not take the Dual site setup's into account.

Another issue regarding dual MHO is that you need to setup Management Bond, which is also missing in the Maestro R80.20SP Getting Started Guide, which should be part of the Configuring Gaia Settings of a Security Group.

 

Sevral manuals are just copies of the R80.20 manulas and have parts that are adjusted but i.e. the VSX manual still does not tell you how VSLS works in the Maestro setup in a dual site configuration.

Regards, Maarten
0 Kudos
5 Replies
Uri_Lewitus
Employee
Employee
‎2020-03-04 12:35 AM

Looking into it and will post back

Thanks for reporting Maarten

-Uri

0 Kudos
Anatoly
Employee
Employee
‎2020-03-04 04:41 AM

Hi,

Dual site is defined per Security Group. If Security Group is defined to be dual-sited, it will include SGMs from both sites, but it will be still the same security groups.

 

Regarding bonds, these must to be identical on both sites.

As Security Group configuration performed as a single GW, and you configure Bond1 = eth1-05 and eth2-05, for example, these ports must to be connected to switches the same on both sites.

 

Thank you,

 

Anatoly

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-04 05:15 AM
In response to Anatoly

Anatoly,
In my case I have 2 x MHO140, 1 in each site, 2 ports on each are in a port-channel on the switch with LACP (VPC) setting, so do I just add all 4 ports in the 1 bond interface and will the switches just accept that?
Regards, Maarten
0 Kudos
Anatoly
Employee
Employee
‎2020-03-04 05:21 AM
In response to Maarten_Sjouw

These are not 4 ports, these are just two. As security group works as a single GW, it does not differ between sites.

eth1-05 and eth2-05 represent same ports on both sites.

 

From the physical perspective, both switches will have different port channels, but located under the same vlan (s)

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2020-03-04 05:26 AM
In response to Anatoly

On each MHO140 I have 2 ports that need to be in a portchannel, so port eth1-05 and eth1-06 plus the eth2-05 and eth2-06
Regards, Maarten
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events