Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
puneet
Explorer

maestro failover if we are using bond interface

In our current design we will be creating a bond with 4 interfaces (2 interfaces from each MHO). MHO1 will be the primary(Active), in which case will the failover occur and 2nd MHO will become active.

Do both the interfaces on the primary MHO need to fail for failover or will the failover occur even if one interface of primary MHO fails ?

0 Kudos
13 Replies
Chris_Atkinson
Employee Employee
Employee

A single bond with 4 interfaces... refer here:

https://community.checkpoint.com/t5/Maestro/Uplink-bond-configuration-for-redundant-router/td-p/1507...

Hence to start it's important to distinguish which deployment method is used here?

Single Site Dual MHO Cluster  vs  Dual Site Single MHO Cluster.

CCSM R77/R80/ELITE
0 Kudos
puneet
Explorer

it is single site dual MHO cluster and we want to failover if any interface(from bond1) from MHO1 goes down.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

This would be a single bond all links active think vPC. 

CCSM R77/R80/ELITE
0 Kudos
Wolfgang
Authority
Authority

Both MHOs are active, no failover needed.

0 Kudos
puneet
Explorer

we are using active/standby concept.  

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Single site deployment looks like this: both MHO are active.

Single Room202011060952171.png

 

CCSM R77/R80/ELITE
0 Kudos
puneet
Explorer

Thank you for reply. I have few more queries regarding the maestro architecture. 

Question 1: is maestro always work in Active/Active state in single site dual orchestrator with 3 security gateways connecte with
both the orchestrators and uplink switch is in VPC mode?

Question 2: Can we configure active /standby state in single site dual orchestrator with 3 security gateways connect with
both the orchestrators? if yes , can you please share the design and configuration?

Question 3: if we are using maestro Active/Active mode then how we can configure the interfaces in bond with active and backup state?
as depicted in diagram can we decide which 2 ports always be in active state in bond and backup interfaces will be active in
case of current active interface is down?

 

0 Kudos
Dario_Perez
Employee Employee
Employee

1.-Yes, both orchestrator should be connected on switches as regular uplink, they are a bond. 

2 & 3 -MHO are Active/Active, what you control is the bond. On the bond you can configure primary interface

0 Kudos
Dario_Perez
Employee Employee
Employee


@Dario_Perez wrote:

1.-Yes, both orchestrator should be connected on switches as regular uplink, they are a bond. 

2 & 3 -MHO are Active/Active, what you control is the bond. On the bond you can configure primary interface



if you have a regular cluster like this

 

regular cluster.png

then your deployment should be something like this

sg1_2.png

 
 

 

 

0 Kudos
puneet
Explorer

Thanks for your prompt reply.

2 & 3 -MHO are Active/Active, what you control is the bond. On the bond you can configure primary interface ( Can you please share the conf/commands to configure this on bond interface.

 

1.-Yes, both orchestrator should be connected on switches as regular uplink, they are a bond. 

if maestro in single site dual orchestrator is always active/active . it is a default behavior or we have to configure it ?

 

0 Kudos
puneet
Explorer

is it active/standby design ? i didn't find any configuration document or any details in checkpoint admin guide. do you have any document which we can use to configure the device ?

puneet_1-1673425875892.png

 

0 Kudos
Dario_Perez
Employee Employee
Employee

Maestro is all active/active solution, what you can define as Active/Standby on single site configuration is the bonding

in case you have eth1-05 in orch1 and eth2-05 in orch2 you can define on bond which one is active and other remain as Backup. 

0 Kudos
puneet
Explorer

Thank You. it means we can only achive this via bond active/backup mode option else all the ports will work in load balance mode. 

one more query.

While we are using Maestro Active/active orchestrator and we have 3 gateways connected with both the orchestrators on 10 G DAC cable ? what would be the bandwidth we will have on downlink ?Is it 60 GB or we will have only 30 GB downlink bandwidth?

0 Kudos