Support Center > Search Results > SecureKnowledge Details
ClusterXL - CCP packets and 'fwha_timer_cpha_res' kernel parameter
Symptoms
  • On the Standby member in High Availability cluster:
    1. SmartView Tracker shows constant flapping of an interface.
    2. "cphaprob -a if" shows an interface as Down (completely, or in a specific direction - UP / DOWN).
Cause

Connection of cluster interfaces via several switches can cause problems with CCP packets. Physically, the CCP packets might not be sent out / received in time for the cluster mechanism (due to latency introduced by switches).
By design, the cluster mechanism demands that the latency for CCP packets is less than ~30 milliseconds.

Refer to ClusterXL Administration Guide (R70, R70.1, R71, R75, R75.20, R75.40, R75.40VS, R76, R77.X) -
Chapter Synchronizing Connection Information Across the Cluster -
The Check Point State Synchronization Solution -
Synchronizing Clusters over a Wide Area Network

Notes:

  • These requirements apply not only to Sync, but to ALL interfaces that are used in Cluster Topology.

 

Examples of the problem:

  1. SmartView Tracker shows:
    cluster_info: (ClusterXL) member 2 (192.168.0.6) is down (Interface Active Check on member 2 (192.168.0.6) detected a problem (14 interfaces required, only 13 up).)
    cluster_info: (ClusterXL) interface Mgmt of member 2 (192.168.0.6) is down (receive up, transmit down)

  2. Output of "cphaprob -a if" command shows:
    DMZ UP
    Internal UP
    External Inbound: UP Outbound: DOWN (2.5 secs)
    Lan1 UP

  3. Kernel debug (fw ctl debug -m cluster + if pnote stat timer) shows:
    FW-1: if_uptime_check: IF 6 OUT: state ASSUMED UP -> UNKNOWN
    FW-1: fwha_report_id_problem_status: State (FAILURE) reported by device Interface Active Check
    CPHA : changing state to FAILURE


Solution
Note: To view this solution you need to Sign In .