The information you are about to copy is INTERNAL!
DO NOT share it with anyone outside Check Point.
Although CCP mode is set to Broadcast, Delta Sync packets are sent over Sync interface(s) as multicast
| Solution ID |
sk101132 |
| Product |
ClusterXL, Cluster - 3rd party |
| Version |
R75.40VS, R75.45, R75.46, R75.47, R76, R77, R77.10, R77.20 |
| OS |
Gaia, SecurePlatform 2.6 |
| Platform / Model |
All |
| Date Created |
02-Jun-2014
|
| Last Modified |
22-May-2017
|
Symptoms
Although CCP mode is set to Broadcast, Delta Sync packets are sent over Sync interface(s) as multicast.
Example of traffic capture:
23:59:07.048746 00:00:00:00:fe:01 > 01:00:5e:07:07:fa, ethertype IPv4 (0x0800), length 82: 0.0.0.0.cp-cluster > 7.7.7.0.cp-cluster: UDP, length 40
23:59:07.048805 00:00:00:00:fe:01 > 01:00:5e:07:07:fa, ethertype IPv4 (0x0800), length 82: 0.0.0.0.cp-cluster > 7.7.7.0.cp-cluster: UDP, length 40
23:59:07.120890 00:00:00:00:88:00 > 01:00:5e:07:07:fa, ethertype IPv4 (0x0800), length 76: 0.0.0.0.cp-cluster > 7.7.7.0.cp-cluster: UDP, length 34
Connections initiated from the Standby member (e.g., SSH, FTP) in ClusterXL High Availability might time out when the value of kernel parameter "fwha_sync_broadcast_ack" is set to "1" per sk20576 (at least on the Active member).
SSH connection fails (times out) in the following topology:
Host --> (int)[Active](ext) --> [switch] --> (ext)[Standby]
Traffic capture and cluster debug ('fw ctl debug -m cluster + forward') show that the SSH packet reaches the Active member and forwarded to the Standby over the Sync network (as designed).
However, Standby does not respond to this SSH connection.
Cause
By the current design, setting CCP mode to Broadcast is not applied to Sync interfaces.
Solution
|
Note: To view this solution you need to
Sign In
.
|
