What the hell is a “Required Interface”???

I know you and the rest of the world knows this but I just figured this out after an interaction with the SK people.

I was having flapping problems and was reading sk44268  and was pretty broad. I also googled “required interfaces” and came up blank.

So they fixed sk44268, referred me to this great SK on internal cluster functions ClusterXL ATRG sk93306 (tons of details) and I thought I would
summarize for the common peasants:

Required interfaces is the summary of

1) Clustered interfaces (VIP)
2) Sync interfaces

This CLI shows 3 Required Interfaces: 1 sync and 2 clustered

cmdline

This (different config)GUI shows 4 “Required Interfaces”, 3 clustered, 1 sync.

gui

Summary:

Better: Cluster requires X number of interfaces to be available and sending receiving CCP packets.
1) If Cluster does NOT see CCP packets on X required interfaces, it fails over.
2) If Cluster members have different number of X required interfaces it fails over thinking one went down.
3) VLANs are counted in this required count …… forgot how?? I think the first and last on the clustered interface
4) Required interfaces CAN be modified on the fly by modifying the topology and pushing policy….but sometimes it doesn’t work and you have to reboot
5) Required interfaces are listed as “cluster interfaces” and “sync” interfaces in the gui (above)

6) At boot time, these cluster/sync interfaces are counted and set to Required Interfaces. But they can be modified in SmartDashboard and topology when you push policy
Short and sweet …. I think?? I’m the first to described this!!
Wow, living large.
dreez
Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: