Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Marco32
Contributor
Jump to solution

security group management port in dual site

Hello,

I'm starting building a dual site, dual MHO infrastructure and I need some tips.

I want to configure a SG cross site, but I don't undestand how to configure management port for it.

In a singole site, dual MHO the documentation (Maestro basic setup) explain how to create a bond active standby using port 1 of both MHO. In this scenario, I have redundancy to access SMO.

But, how to setup it in a SG cross site? Do I need to use port 1 of both MHO of the second site too? So I have 4 port in this bond?

Regards

M

0 Kudos
1 Solution

Accepted Solutions
Daniel_Szydelko
Collaborator
Collaborator

Yes, magg0 as management bond is relevant for Security Group. As particular SecGrp exists on both sites and ports connections are the same on both sites you are adding / using the same interfaces for both sites.

Mgmt IP is used by SMO Master SGM on active site. You can think about two cases:

- regular Security Group - SMO Master (lowest SGM ID in active site) from active site is using magg0 IP for communication

- VSX Security Group - then it represents magg0 IP for VS0 on active site. No matter if you are using VSX HA or VSLS, there is one site, where SMO Master SGM is active for VS0.

 

When you create another Security Group then you can create another magg (new interfaces) or share the same magg (create magg with Mgmt interfefaces used by first SecGrp) with different IP address.

 

BR

Daniel.

View solution in original post

0 Kudos
7 Replies
Daniel_Szydelko
Collaborator
Collaborator

Hello,

Setup is the same. On second site you need need to attach corespondig mgmt ports (the same as in site 1). Physical connections should be mirrored between sites.

So configuration prompt is using two interfaces in magg (from site perspective) but in reality consist 4 ports (one Mgmt per MHO).

BR

Daniel.

0 Kudos
Marco32
Contributor

Hi Daniel,

if I understand correctly, the magg0 configuration (make with eth1-Mgmt1 and eth2-Mgmt1) is for Security Gateway, so I don't need to do anything on MHO (both site). 

When the magg0 of site2 start to work? In which case?

 

One more thing, if I install a VSX on this SG, and with VSLS balance some VS on site1 and some other VS on site2, when access on the IP assigned to to the SG witch magg0 I use? Site1 or Site2?

 

And if I whant to create a second SG on site1 only with another IP, may I create another magg (like magg1) or can I use the same?

How to see this from SG prospective?


Regards

0 Kudos
Daniel_Szydelko
Collaborator
Collaborator

Yes, magg0 as management bond is relevant for Security Group. As particular SecGrp exists on both sites and ports connections are the same on both sites you are adding / using the same interfaces for both sites.

Mgmt IP is used by SMO Master SGM on active site. You can think about two cases:

- regular Security Group - SMO Master (lowest SGM ID in active site) from active site is using magg0 IP for communication

- VSX Security Group - then it represents magg0 IP for VS0 on active site. No matter if you are using VSX HA or VSLS, there is one site, where SMO Master SGM is active for VS0.

 

When you create another Security Group then you can create another magg (new interfaces) or share the same magg (create magg with Mgmt interfefaces used by first SecGrp) with different IP address.

 

BR

Daniel.

0 Kudos
Marco32
Contributor

Very helful Daniel,

how to find in which site VSX VS0 is active in case of SG cross site?

And, for othes SG if I create a new magg have I to name it as magg0 , magg1, magg2 and so on?

 

M

0 Kudos
Daniel_Szydelko
Collaborator
Collaborator

It shoud be enough to use cmd from SecGrp bash: asg stat vs all

No, each SecGrp is isolated from each other so on each you can configure magg0. 

BR

Daniel

0 Kudos
Marco32
Contributor

Many thanks for your support Daniel

Regards

M

0 Kudos
Daniel_Szydelko
Collaborator
Collaborator

No problem and Good luck with implementation!

BR

Daniel.

0 Kudos