The differences between two versions are shown here.
| checkpoint:gateway:clusterxl [2015/01/18 14:04] daniel | checkpoint:gateway:clusterxl [2018/04/30 10:31] (current) daniel | ||
|---|---|---|---|
| Zeile 2: | Zeile 2: | ||
| ==== ClusterXL Modes ==== | ==== ClusterXL Modes ==== | ||
| - | * Load Sharing Multicast Mode | + | * **Load Sharing Multicast Mode** (multicast MAC-address) |
| - | * Load Sharing Unicast Mode | + | * **Load Sharing Unicast Mode** (highest prio member = pivot) |
| - | * New High Availability Mode | + | * **New High Availability Mode** (VIP, gratuitous ARP) |
| - | * High Availability Legacy Mode | + | * **High Availability Legacy Mode** (shared IP and shared MAC) |
| ==== Mode Comparison ==== | ==== Mode Comparison ==== | ||
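Review bot: The parenthetical hints on the four added mode bullets are not in a consistent form and are left unexplained: "(highest prio member = pivot)" reads as shorthand, while "(VIP, gratuitous ARP)" and "(shared IP and shared MAC)" are bare keyword lists. Consider one short phrase per mode that says what the keyword means for that mode, and spell out "priority". Since a "Mode Comparison" section follows directly, the detail could also move there and the bullets stay as plain mode names.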
| Zeile 29: | Zeile 29: | ||
| ''fw ctl pstat'' - Übersiucht der State Sync Kommunikation. ([[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34476&js_peid=P-114a7ba5fd7-10001&partition=General&product=ClusterXL,|sk34476]]) | ''fw ctl pstat'' - Übersiucht der State Sync Kommunikation. ([[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk34476&js_peid=P-114a7ba5fd7-10001&partition=General&product=ClusterXL,|sk34476]]) | ||
| + | ''cphaconf set_ccp broadcast|multicast'' - To change the CCP mode between broadcast and multicast. | ||
| + | |||
| + | ''show routed cluster-state detailed'' - Show history of cluster state change | ||
| === ClusterXL und VRRP === | === ClusterXL und VRRP === | ||
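Review bot: The added line ''show routed cluster-state detailed'' is added a second time in the "Zeile 36" hunk under its own heading, so the command ends up documented twice on the page; keep one and drop or link the other. The two new descriptions are in English while the neighbouring ''fw ctl pstat'' entry is German, and the ''cphaconf set_ccp broadcast|multicast'' entry does not say whether it has to be run on each cluster member or whether the setting survives a reboot, which a reader changing the CCP mode would need to know. The unchanged context line still carries the typo "Übersiucht", which could be fixed in the same edit.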
| Zeile 36: | Zeile 39: | ||
| === Ping auf Standby Knoten === | === Ping auf Standby Knoten === | ||
| - | Ping auf VIP und physikalische IP gleichzeitig erlauben: ''fw ctl set int fw_allow_simultaneous_ping 1.'' | + | Ping auf VIP und physikalische IP gleichzeitig erlauben:\\ |
| + | ''fw ctl set int fw_allow_simultaneous_ping 1.'' | ||
| + | |||
| + | === Cluster Staus Change prüfen === | ||
| + | ''show routed cluster-state detailed'' | ||
| + | ==== Sticy Descission Function ==== | ||
| + | A connection is considered sticky when all of its packets are handled, in either direction, by a single cluster member. This is the case in High Availability mode, where all connections are routed through the same | ||
| + | cluster member, and hence, sticky. This is also the case in Load Sharing mode when there are no VPN | ||
| + | peers, static NAT rules or SIP.\\ | ||
| + | In Load Sharing mode, however, there are cases where it is necessary to ensure that a connection that | ||
| + | starts on a specific cluster member will continue to be processed by the same cluster member in both | ||
| + | directions. To that end, certain connections can be made sticky by enabling the Sticky Decision Function. | ||
| + | > Note - For the latest information regarding features that require sticky connections, refer to the | ||
| + | [[http://supportcontent.checkpoint.com/documentation_download?ID=24827|R77 Release Notes]]. | ||
| + | The Sticky Decision Function has the following limitations: | ||
| + | * Sticky Decision Function is not supported when employing either Performance Pack or a hardware-based accelerator card. Enabling the Sticky Decision Function disables these acceleration products. | ||
| + | * When the Sticky Decision Function is used in conjunction with VPN, cluster members are prevented from opening more than one connection to a specific peer. Opening another connection would cause another SA to be generated, which a third-party peer, in many cases, would not be able to process. | ||
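Review bot: In the added line ''fw ctl set int fw_allow_simultaneous_ping 1.'' the sentence-ending period sits inside the monospace markup, so a copy and paste yields the value "1." rather than "1"; move the period outside the quotes or drop it. Two added headings are misspelled: "Cluster Staus Change prüfen" should read "Status", and "Sticy Descission Function" should read "Sticky Decision Function", as the body text below it spells it. The ''>'' note is split across two lines, so the R77 Release Notes link falls outside the quoted note, and the pasted paragraph carries hard line breaks mid-sentence (after "the same" and after "no VPN").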