Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- checkpoint:gateway:clusterxl [2015/01/13 22:00]
daniel Seite von checkpoint:edge:checkpoint:vpn1edge:gateway:clusterxl nach checkpoint:edge:checkpoint:checkpoint:edge:checkpoint:vpn1edge:gateway:clusterxl verschoben
+++ checkpoint:gateway:clusterxl [2018/04/30 10:31] (aktuell)
daniel
@@ Zeile 1: / Zeile 1: @@
 ====== Cluster XL ======
+==== ClusterXL Modes ====
+  * **Load Sharing Multicast Mode** (multicast MAC-address)
+  * **Load Sharing Unicast Mode** (highest prio member = pivot)
+  * **New High Availability Mode** (VIP, gratuitous ARP)
+  * **High Availability Legacy Mode** (shared IP and shared MAC)
+==== Mode Comparison ====
+^ ^ Legacy High Availability ^ New  High Availability ^ Load Sharing Multicast ^ Load Sharing Unicast ^
+| High Availability | yes | yes | yes | yes |
+| Load Sharing | no | no | yes | yes |
+| Performance | good | good  | excellence | very good |
+| Hardware Support | all | all | not all routers are supported | all |
+| SecureXL Support | yes | yes | yes, with Performance Pack or SecureXL Turbocard | yes |
+| State Sync Mandatory | no | no | yes | yes |
+| VLAN Tagging Support | yes | yes | yes | yes |
+==== Befehele ====
+''cphaprob –a if'' - Zeigt an, welche Interfaces für synchromisation konfiguriert wurden, ob broadcast oder multicast mode gewählt ist.
+''cphaprob state'' - Zeigt den Status der State-Synchronization und den Status der Cluster-Knoten an.
+''cphaprob list'' - Zeigt den Status der vom Cluster überwachten 'Devices' detailliert, zum Beipiel der Prozesse.
+''cpstat ha –f all | more'' - Zeigt den Status der vom Cluster überwachten 'Devices' in einer Übersicht, zum Beipiel der Prozesse.
+''fw ctl pstat'' - Übersiucht der State Sync Kommunikation. ([[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34476&js_peid=P-114a7ba5fd7-10001&partition=General&product=ClusterXL,|sk34476]])
+''cphaconf set_ccp broadcast|multicast'' - To change the CCP mode between broadcast and multicast.
+''show routed cluster-state detailed'' - Show history of cluster state change
 === ClusterXL und VRRP ===
@@ Zeile 8: / Zeile 39: @@
 === Ping auf Standby Knoten ===
-Ping auf VIP und physikalische IP gleichzeitig erlauben: ''fw ctl set int fw_allow_simultaneous_ping 1.''
+Ping auf VIP und physikalische IP gleichzeitig erlauben:\\
+''fw ctl set int fw_allow_simultaneous_ping 1.''
+=== Cluster Staus Change prüfen ===
+''show routed cluster-state detailed''
+==== Sticy Descission Function ====
+A connection is considered sticky when all of its packets are handled, in either direction, by a single cluster member. This is the case in High Availability mode, where all connections are routed through the same
+cluster member, and hence, sticky. This is also the case in Load Sharing mode when there are no VPN
+peers, static NAT rules or SIP.\\
+In Load Sharing mode, however, there are cases where it is necessary to ensure that a connection that
+starts on a specific cluster member will continue to be processed by the same cluster member in both
+directions. To that end, certain connections can be made sticky by enabling the Sticky Decision Function.
+> Note - For the latest information regarding features that require sticky connections, refer to the
+[[http://supportcontent.checkpoint.com/documentation_download?ID=24827|R77  Release Notes]].
+The Sticky Decision Function has the following limitations:
+  * Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products.
+  * When the Sticky Decision Function is used in conjunction with VPN, cluster members are prevented from opening more than one connection to a specific peer. Opening another connection would cause another SA to be generated, which a third-party peer, in many cases, would not be able to process.

MyWiki

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge