Support Center > Search Results > SecureKnowledge Details
Traffic outage after a fail-over between Virtual Systems in VSLS Bridge Mode when SecureXL is enabled
Symptoms
  • Traffic outage after a fail-over between Virtual Systems in VSLS Bridge Mode (e.g., by running the "vsx_util vsls" command on Security Management Server and selecting option "4. Manually set priority and weight").

  • Traffic flow resumes when switches send ARP Request and new active Virtual Systems respond with relevant MAC Address.

  • Disabling SecureXL on VSX cluster members resolves the issue (no traffic outage after a fail-over between Virtual Systems).

  • Bridge Active/Standby state is configured as Check Point ClusterXL, and not as standard Layer 2 loop detection (STP).

Cause

During the fail-over, Virtual Systems in VSLS Bridge Mode do not send CCP MAC Learning packets. As a result, switches can not update their MAC Address tables with the MAC Address of the new Active Virtual Systems.

When SecureXL is enabled, accelerated packets do not update Linux kernel shadow table, and, as a result, Check Point kernel table fdb_shadow.


Solution
Note: To view this solution you need to Sign In .