George_Liu
Nickel

Using VLAN on cluster Sync interfaces (no-guarantee test notes)

Refer to sk34574.

Symptoms
  • Synchronization fails after configuring Sync interfaces on a high VLAN tag when several VLAN tags are configured on the physical interfaces
Cause

    By design, the synchronization network is supported on the lowest VLAN tag only.

Solution

    For example, if three VLAN tags are configured on interface eth1 - 10, 20 and 30, then only interface eth1.10 may be used for Synchronization.

ATRG: Cluster, p. 28, (2-5) Configuring synchronization network, also mentions the same as above.

Implementation:

1. Create a bond interface.

2. Add two physical network interfaces to the bond group.

3. Create 5 VLAN interfaces (2, 4, 6, 8, 10).

4. Set bond1.8 as the Sync interface in the cluster object topology.

Result: It works. The Sync interface can be any VLAN ID rather than the lowest VLAN ID.
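
The setup steps from the post above, written out as Gaia clish commands. This is an added example, not part of the original post: the member ports eth1 and eth2, bond group ID 1 (which yields bond1) and the 192.0.2.1/24 address are assumptions. It reproduces the tested layout, which sk34574 as quoted above describes as outside the supported design.

```clish
# Added example: steps 1-3 of the post as Gaia clish commands.
# Assumed: eth1 and eth2 are the member ports; group ID 1 yields bond1.
# Member ports must have no IP address assigned before they join the bond.
set interface eth1 state on
set interface eth2 state on

# Steps 1 and 2: create the bond and add the two physical ports.
add bonding group 1
add bonding group 1 interface eth1
add bonding group 1 interface eth2
set interface bond1 state on

# Step 3: the five VLAN interfaces named in the post.
add interface bond1 vlan 2
add interface bond1 vlan 4
add interface bond1 vlan 6
add interface bond1 vlan 8
add interface bond1 vlan 10
set interface bond1.2 state on
set interface bond1.4 state on
set interface bond1.6 state on
set interface bond1.8 state on
set interface bond1.10 state on

# Constructed address for the VLAN used as Sync in step 4.
# The other VLAN interfaces are addressed the same way for their networks.
set interface bond1.8 ipv4-address 192.0.2.1 mask-length 24

save config

# Step 4 is not a clish step: bond1.8 is set as the Sync network in the
# cluster object topology in SmartConsole, followed by a policy install.
```

After the policy install, `cphaprob -a if` on each member lists the interfaces ClusterXL treats as secured (Sync) and non-secured, which is where to confirm that bond1.8 carries Sync.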

5 Replies
Neville_Kuo
Silver

Re: Using VLAN on cluster Sync interfaces (no-guarantee test notes)

I saw this two years ago, but I still don't dare use any other VLAN ID, haha.

George_Liu
Nickel

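Re: Using VLAN on cluster Sync interfaces (no-guarantee test notes)

That's why it's a no-guarantee test report.

During planning I didn't notice that the customer was already using 8 interfaces, and the newly purchased open server has only 4 ports. So one night it came to me in a dream that I could try building one big bond and adding VLAN tags to fit all the links into it, and that is how this no-guarantee result came about.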

George_Liu
Nickel

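Re: Using VLAN on cluster Sync interfaces (no-guarantee test notes)

One more thing to add: by design, within the same bond interface, secured interfaces only monitor the interface status of the two VLAN IDs that are highest and lowest.

This means the whole bond is considered failed only when these two VLANs change (VLAN down) on the connected switch port. In the example above, only changes to VLANs 2 and 10 on the switch side will cause the connected Check Point to see an interface down and fail over.

According to TS, a VLAN interface is based on the physical interface, so this takes effect only when the physical port goes down, and the switch side should not often change the VLAN state of the connected port. If needed, it can also be adjusted (I didn't ask for the KB) to monitor all VLANs, which reportedly (??) adds overhead.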

Neville_Kuo
Silver

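Re: Using VLAN on cluster Sync interfaces (no-guarantee test notes)

I'll make a bold guess: it's because of CCP (UDP 8116). It is a very noisy protocol. With this many VLAN interfaces carved out of the same physical interface, each one has to exchange CCP, and CPHA's load just from handling these would go up a bit more.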

Employee+
Employee+

Re: Using VLAN on cluster Sync interfaces (no-guarantee test notes)

Update to George,

The Cluster admin guide and the VSX admin guide describe how to adjust bond interface monitoring, that is, how few ports must remain up before the interface is considered failed.

See page 128 of the ClusterXL Administration Guide R80.10 (Part of Check Point Infinity).