This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Charles_Hurst
Contributor
‎2018-04-18 10:08 AM

RIP on ClusterXL

Hey all,

Just playing about in my Lab and I've got two CP GW's running on ESXi with a Vswitch for the External interfaces, this then connects to a physical Cisco 3750 switch and is trunked to a Cisco 887 with a VDSL internet link. To make my life easier I configured RIPv2 and this works well in the sense my CP's have internet access without messing about with routes.

However my ClusterXL now shows that ClusterXL has a problem on the standby node:

routedproblem0

Is the error, if I flip the cluster nodes then it goes to the other node. If I check the routes no RIP routes show on the standby node. I then thought ah maybe its because its not using the VIP so I ticked the Virtual Address box on the RIP interface setup but that just broke everything (I think I then read that is for VRRP not ClusterXL?)...

Anyone had this before, its not a game changer for my studying as my lab still works but a tad annoying.

Thanks,

Charles

6 Replies
Vladimir
Champion
Champion
‎2018-04-18 10:17 AM

Please check if you are using vMAC in the ClusterXL properties and if not, try enabling it.

When RIP is configured on cluster, nexthop gateway sees cluster members' physical addresses as ... 

Charles_Hurst
Contributor
‎2018-04-18 10:24 AM
In response to Vladimir

Hey,

Sorry forgot about that setting I meant to go back and look at that after this..

https://community.checkpoint.com/thread/7328-interface-bonding-problem 

You'll be glad to know I've got rid of VirtualBox & GNS3 and I'm not running a full Cisco Stack with ESXi hosting my CP's and its a million times better!

I'll investigate vMAC and report back!

Thanks,

Charles

0 Kudos
Maarten_Sjouw
Champion
Champion
‎2018-04-18 11:13 AM
In response to Charles_Hurst

Next to that make sure that you have set you clustering to broadcast as multicast is by default not allowed on these VM Vswitches. Or on the ports make sure to disable all security features, especially when you are working with vMAC.

Regards, Maarten
Charles_Hurst
Contributor
‎2018-04-18 11:57 AM
In response to Maarten_Sjouw

Ah ok that makes sense.. I've changed over to Broadcast and lost all my routes.... tried to change RIPv2 to Broadcast on my Cisco Router and I need a firmware upgrade (typical ha!) the command doesn't exist so I've put it back and will tackle upgrading that firmware tomorrow far too late in the day now!

Thanks for the extra information! Everyday's a school day!

Charles

HeikoAnkenbrand
MVP Platinum
MVP Platinum
‎2018-04-18 11:54 AM

To your question " I think I then read that is for VRRP not ClusterXL?". It also works with VRRP.

Gaia supports the advertising of the virtual IP address of the VRRP Virtual Router. You can
configure RIP to avertise the virtual IP address rather than the actual IP address of the interface . If you enable this option, RIP runs only on the master of the Virtual Router; on a failover, RIP stops running on the old master and then starts running on the new master. A traffic break might occur during the time it takes both the VRRP and RIP protocols to learn the routes again. The larger the network, the more time it would take RIP to synchronize its database and install routes again.

Regards

Heiko

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
Charles_Hurst
Contributor
‎2018-04-18 11:59 AM
In response to HeikoAnkenbrand

Hey Heiko,

Thanks for replying as you can tell fairly new to CP.

You mentioned "Gaia supports the advertising of the virtual IP address of the VRRP Virtual Router" sorry just to confirm is this feature only for VRRP then? It doesn't work on ClusterXL does it?

VRRP is the older method of High Availability I believe isn't it?

Thanks,

Charles

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events