Routing and multiple sync interfaces

If you are using dynamic routing you probably know that clustering + routing have a symbiotic relationship..they need each other but don’t like each other.  I’m not sure how many lunches that the cluster and routing folks had with each other but it shows in the implementation. I have written about this several times.

So here is a way to enhance the reliability of clustering + routing to bypass a Linux kernel bug. If you have a single cable as a sync link directly between cluster members and not going through a switch, then routing+clustering will not work well if the sync interface goes down.

In order to avoid buying switches for all your sync needs, set the mgt interfaces as a 2nd sync interface. This will ensure that the routing daemon continues to participate in routing (very important!!) in case something happens to the sync interface. (There is a patch that is floating around because routing previously did not like the 2nd sync interface. Check with support).

Rather Safe than Sorry

2ndsync

Route On!

dreez

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: