[FW-1] Routes disappear after reboot

Subject: [FW-1] Routes disappear after reboot
From: Torkel Mathisen <torkel.mathisen AT BBS DOT NO>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 24 Nov 2006 12:19:49 +0100

Hi,

Has anyone here experienced routes disappearing after a reboot in a ClusterXL
configuration with different subnets?

Here is the scenario:

I got a single firewall today with official ip-address 4.1.2.1
(fictional) on eth2. I'm in the process of upgrading it to a ClusterXL
HA solution.

This is the only ip-address that is available on that subnet so I have
to configure the node ip-addresses on a different subnet. This is
supported by CP and is described in their ClusterXL UserGuide.

So I got the following configuration on the nodes:

[Expert@fwA]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:13:21:78:AC:8E
          inet addr:10.253.253.1  Bcast:10.253.253.32  Mask:255.255.255.240

[Expert@fwB]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:13:21:78:AC:8E
          inet addr:10.253.253.2  Bcast:10.253.253.32  Mask:255.255.255.240

cphaprob -a if:

Virtual cluster interfaces: 1

eth2            4.1.2.1

Now I need to route the 4.1.2.1/255.255.255.240 subnet to eth2 to be
able to add routes:

10.253.253.0    0.0.0.0         255.255.255.240 U         0 0       0 eth2
4.1.2.0         0.0.0.0         255.255.255.240 U         0 0       0 eth2

<note>

(Note: on SecureKnowledge CP say that you should add the official
network like this:

fwA:
4.1.2.0         10.253.253.1    255.255.255.240 U         0 0       0 eth2
fwB:
4.1.2.0         10.253.253.2    255.255.255.240 U         0 0       0 eth2

However, this does not work because then it won't let you add routes to
default gw at all. It will only tell you that the network is unreachable.

In R62 ClusterXL UserGuide they write:

Run sysconfig > routing > add network route > add the routable network
with its subnet, and choose the correct physical interface in this
direction.

Which is what I have done: added the routable network directly to the
physical interface and not the node ip-address.)

</note>

The default gw for that interface is 4.1.2.2 so I've added some routes
for that:

10.10.10.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2
10.10.11.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2
10.10.20.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2
10.10.30.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2

Now.. Everything seems good right?

Then I do a reboot and some of the routes disappear. Not all, just some.

After reboot:

10.10.11.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2
10.10.30.0      4.1.2.2         255.255.255.0   UGH       0 0       0 eth2

I can find all the routes in /etc/sysconfig/netconf.C, but it just
won't add them after a reboot.

It's always the same routes that disappear even though they are
identical.

I've tried adding them from sysconfig, webui and manually and then doing a
save_routes --save. Same result on all.

This happens on R60, R61 and R62.

Anyone experienced this?

Regards,
Torkel
