What kind of Network Switch are you using?
Are you using Multicast...by default ClusterXL uses Multicast...may want to
use Broadcast instead.
-----Original Message-----
From: Cáceres Cotarelo, Francisco Javier
[mailto:franciscoj.caceres AT GETRONICS DOT COM]
Sent: Wednesday, November 17, 2004 4:52 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] ClusterXL New Mode secondary IPs problem
Hi guys,
I've been lately trying to make the ClusterXL new mode to work migrating
from an old StoneBeat installation. The new cluster is formed by two nodes
with SecurePlatform R55. Smartcenter is also R55. The system works well
until we try to use secondary cluster IPs. The problem is more or less de
following:
Both machines have several NICs to interconnect different subnets. On
several physical interfaces it was needed to configure a few secondary IPs
(eth0:1, eth0:2, and so on). The problem arises when configuring clusterXL
for those secondary IPs. The system works with all the clusterIPs answering
fine to request, but when failover occurs, only the IP cluster of the first
IP (lets say, the one associated with eth0), survives.
After tracing the issue with an scanner, we observe that the node taking
over releases gratuitous arp for its real IPs and for the cluster IP's, but
only to those cluster IPs related to the main IP of each interface. In other
words, the node do not release gratuitous arp for the cluster IPs of those
secondary IPs defined in the interfaces. If you delete the arp table and
from a node request an ARP for a cluster IP of one of these secondary
cluster IPs, it works fine, but it does make the system not viable for an
automatic transition.
I've tried everything like:
enabled proxy_arp feature at the secureplatform level (echo "1"...)
added static routes to the cluster secondary ips through the real ips of the
interfaces.
defined proxy arp static for the secondary's cluster IPs.
Disable Extended cluster anti-spoofing.
Has any of you got an idea why this is happening? Any help would be more
than appreciated.
Best Regards,
Javier.
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
