Jose_Luis_Calle
Explorer

loopback interface as Router ID in a Cluster XL configuration

Hello mates!

CP recommends, when configuring OSPF, setting a loopback interface different from 127.0.0.1 ... If we have a ClusterXL, can we set the same IP address in a new loopback interface on both firewalls and set this IP as the Router ID, or must we maintain the default configuration? Thanks in advance!

5 Replies
PhoneBoy
Admin

The Router ID should be configured to one of the cluster IP addresses.

It should be configured this way on all cluster members.

This is explicitly stated here: OSPF on Gaia 

0 Kudos
CheckPointerXL
Advisor

Hello Phoneboy,

Starting from 81.10 it seems that it is possible to configure a loopback: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

That procedure looks very bad to me because any new "Get interfaces with/without topology" will invalidate/delete the manually added Loopback interface in the Cluster object under Network Management.

I've submitted feedback to the SK.

Any idea on your side?

0 Kudos
Bob_Zimmerman
Authority

Why would you make a loopback for this? The router ID is not an IP address. It's just a number. All members of a cluster must use the same number, but it doesn't need to have any relation to any interface. You can use router IDs like 0.0.0.1 which are not valid IP addresses.

0 Kudos
CheckPointerXL
Advisor

I agree with you, but I've simply followed the admin guide.... https://sc1.checkpoint.com/documents/R81.10/WebAdminGuides/EN/CP_R81.10_Gaia_Advanced_Routing_AdminG...

Use an address on a loopback interface that is not the loopback IPv4 address 127.0.0.1

Important:

In a cluster, you must configure the Router ID to one of the Cluster Virtual IP addresses.

 

So where is the truth?

"but it doesn't need to have any relation to any interface."

This statement seems to be very far from the documentation/admin guide/SKs.

0 Kudos
Chris_Atkinson
Employee

I have customers that do each method successfully (Loopbacks or bonds - not VSX). 

Traditional network folk like Loopbacks because they should never go down. Historically, differing vendor implementations could do odd things when ID values are tied to physical interfaces, so habits were formed to avoid gotchas.

CCSM R77/R80/ELITE
0 Kudos
