This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Jose_Luis_Calle
Explorer
‎2018-11-13 11:22 AM

loopback interface as Router ID in a Cluster XL configuration

Hello mates!

CP recommends when configuring OSPF, set a loopback interface different from 127.0.0.1 ... If we have a ClusterXL, we can set the same @ip in a new loopback interface on both firewalls and set this ip as Router ID or we must maintain the default configuration? Thanks in advance!

5 Replies
PhoneBoy
Admin
Admin
‎2018-11-16 11:48 AM

The Router ID should be configured to one of the cluster IP addresses.

It should be configured this way on all cluster members.

This is explicitly stated here: OSPF on Gaia 

0 Kudos
CheckPointerXL
Advisor
Advisor
‎2023-01-29 08:32 AM
In response to PhoneBoy

Hello Phoneboy,

starting from 81.10 it seems that is possible to configure loopback: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

that procedure looks very bad to me because of any new "Get interfaces with/without topology" will invalidate/delete the manually added Loopback interface in Cluster object under network management.

 

i've submitted a feedback to sk.

any idea on your side?

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2023-01-29 01:56 PM
In response to CheckPointerXL

Why would you make a loopback for this? The router ID is not an IP address. It's just a number. All members of a cluster must use the same number, but it doesn't need to have any relation to any interface. You can use router IDs like 0.0.0.1 which are not valid IP addresses.

0 Kudos
CheckPointerXL
Advisor
Advisor
‎2023-01-29 02:15 PM
In response to Bob_Zimmerman

I agree with you but i've simply followed admin guide.... https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Gaia_Advanced_Routing_AdminG...

Use an address on a loopback interface that is not the loopback IPv4 address 127.0.0.1

Important:

In a cluster, you must configure the Router ID to one of the Cluster Virtual IP addresses.

 

So where is the truth?

 

"but it doesn't need to have any relation to any interface."

This statement seems to be very far compared to documentation/admin guide/SKs

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2023-01-29 08:13 PM
In response to CheckPointerXL

I have customers that do each method successfully (Loopbacks or bonds - not VSX). 

Traditional network folk like Loopbacks because they should never go down, historically differing vendor implementations could do odd things when ID values are tied to physical interfaces so habits were formed to avoid gotchas.

CCSM R77/R80/ELITE
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events