Cluster priorities, upgrades and failover

Oh this is a little tidbit that will make your cluster upgrades a bit easier especially if you are using dynamic routing.

  • cphastop, pushing policy
    Will failover the cluster to the highest priority member even with “maintain current active gateway” enabledmaintain current active gateway
  • clusterXL_admin down/up, reboot, cpstop/start
    Will maintain the active member

So during upgrades, the first thing you should do is arrange your cluster priority in the order you do upgrades. So if you upgrade member B first, make that your highest priority member.  That way you can be sure to keep it the active member no matter what happens to Member A.

Dynamic Routing People: I’m not convinced DR is working with failover and its subtle. Sometimes during failovers the routes are still in the table for a while while the cluster members re converge. But the active member gets stuck in EXSTART (show ospf neighbors) and after a while depending on timing routes start to drop. Without knowing this you are not sure if you have a routing or cluster problem. So make sure you know where the active member is at all times and keep it that way.

Nobody should have this much fun!

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: