This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have one, create one now for free!
Patrick150781
Explorer
‎2020-01-28 12:29 AM

Failover behavior in VSX environment

Dear CheckMates Community,

coud someone of you explain how failover works in a VSX environment. As far as I know, in a non VSX default setup the first and the last VLAN on a trunk interface will be monitored. If on of this VLAN can't process CCP pakets a pnote will be genarated an failover to the other (standby) cluster member.

But how does it works in VSX?

Please check below some outputs:

 

cphaprob -a if

vsid 5:
------
CCP mode: Manual (Broadcast)
Required interfaces: 4
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp321 UP non sync(non secured), broadcast
wrp320 UP non sync(non secured), broadcast
bond3 UP non sync(non secured), broadcast, bond Load Sharing (bond3.1002)

Virtual cluster interfaces: 9

wrp321 x.x.x.x
wrp320 192.168.x.1
bond2.2506 192.168.23x.46
bond2.1050 192.168.2x.164
bond2.2503 192.168.23x.22
bond3.1002 x.x.x.x
bond2.2509 192.168.23x.70
bond2.2505 192.168.23x.38
bond2.2504 192.168.23x.30

 

cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

ID Unique Address Assigned Load State Name

1 192.168.x.25 0% STANDBY fw1
2 (local) 192.168.x.26 100% ACTIVE fw2


Active PNOTEs: None

Last member state change event:
Event Code: CLUS-115704
State change: STANDBY -> ACTIVE
Reason for state change: Member state has been changed due to issue in Virtual System 0
Event time: Tue Jan 21 11:04:26 2020

 

Thank you in advance.

BR

Patrick

 

0 Kudos
1 Reply
_Val_
Admin
Admin
‎2020-01-30 08:57 AM

Hi Patrick, I can see that you are running VSX in HA mode and not VSLS.

If HA, the interface probing stays the same, cluster fails over with all VSs from one physical member to another. With VSLS, the failover happens on per VS basis, unless one of your machines is completely dead. All VLANs are probed on per VS basis.

 

However, in your case I can also see that there was an issue on VS0, meaning on the physical entity. It does not seem to be an interface failure related to VLANs, as VS0 only operates MGMT IF and Sync IF.

0 Kudos