Professional Documents
Culture Documents
Adding or removing an interface in ClusterXL High Availability topology might cause fail-over
Solution ID sk57100
Product ClusterXL
Version All
OS SecurePlatform 2.6, Gaia, Crossbeam XOS
Platform / Model All
Date Created 08-Nov-2010
Last Modied 15-Nov-2016
Symptoms
Adding or removing an interface (either physical, or logical (e.g. VLAN)) in ClusterXL High Availability topology might cause fail-over.
Cause
Adding an interface (either physical, or logical)on a cluster member is done in Operating System. Check Point kernel always attaches itself to the interface. As a result,
Cluster Layer also detects a new interface, and by design, expect to receive and to send CCP packets through that interface. Since this new interface is not dened yet in
cluster Topology, CCP packets will not be sent/received through that interface. As a result, Cluster Layer declares that interface as failed, which in turn causes fail-over.
Removing an interface(either physical, or logical) on a cluster member cause the Cluster Layer to detect less interfaces than on the other member. By design, fail-over
occurs in such case.
Solution
Complete maintenance window is strongly recommended when an interface must be added/removed to/from cluster Topology.
If such complete maintenance window is not possible, then in order to avoid unnecessary fail-overs, the following action plan is suggested for High Availability cluster:
Note for Load Sharing mode: Schedule a maintenance window and follow the above action plan (treat one of the members as "Standby").
A. Either stop the Clustering by running the 'cphastop' command, or bring this member administratively down by running the 'clusterXL_admindown'
command.
Gaia OS:
either in Gaia Clish, or in Gaia Portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk57100 1/4
2/20/2017 AddingorremovinganinterfaceinClusterXLHighAvailabilitytopologymightcausefailover
SecurePlatform OS:
either in 'sysconfig' menu, or in SecurePlatform WebUI
Gaia OS:
either in Gaia Clish by running the 'setinterfaceIF_NAMEstateon' command, or in Gaia Portal
SecurePlatform OS:
either in Expert mode by running the 'ifconfigIF_NAMEup' command, or in SecurePlatform WebUI
Note: If there are still unused interfaces on cluster members, they must be added to the $FWDIR/conf/discntd.if conguration le - refer to sk30060 and to
ClusterXL Admin Guide (does not apply to Gaia OS R75.47 and R77.20 (and above)).
Gaia OS:
either in Gaia Clish, or in Gaia Portal
SecurePlatform OS:
either in 'sysconfig' menu, or in SecurePlatform WebUI
Gaia OS:
either in Gaia Clish by running the 'setinterfaceIF_NAMEstateon' command, or in Gaia Portal
SecurePlatform OS:
either in Expert mode by running the 'ifconfigIF_NAMEup' command, or in SecurePlatform WebUI
Note: If there are still unused interfaces on cluster members, they must be added to the $FWDIR/conf/discntd.if conguration le - refer to sk30060 and to
ClusterXL Admin Guide (does not apply to Gaia OS R75.47 and R77.20 (and above)).
C. Either start the Clustering by running the 'cphastart' command, or bring this member administratively up by running the 'clusterXL_adminup' command.
5. Verify that the new interface was added to cluster topology - run this command on each cluster member:
[Expert@HostName]#cphaprobaif
If the new interface was not added yet, then reboot each cluster member.
1. Perform these steps in SmartDashboard (before removing an interface from Cluster object topology, set it to 'NonMonitoredPrivate'):
B. Go to 'Topology' pane.
D. Remove the Virtual IP address from the pair of the interfaces that should be removed from Cluster object topology.
E. In the 'NetworkObjective' column, select 'NonMonitoredPrivate' (for the interfaces that should be removed from Cluster object topology).
D. Check the 'Requirednumberofinterfaces' - the total number has to decrease by the number of interfaces that were congured as 'NonMonitored
Private'.
Example:
Note: If the 'Requirednumberofinterfaces' did not decrease, then reboot the problematic cluster member.
A. Either stop the Clustering by running the 'cphastop' command, or bring this member administratively down by running the 'clusterXL_admindown'
command.
B. Add the interface name to the $FWDIR/conf/discntd.if conguration le (does not apply to Gaia OS R75.47 and R77.20 (and above)).
Gaia OS:
either in Gaia Clish by running the 'setinterfaceIF_NAMEstateoff' command, or in Gaia Portal
SecurePlatform OS:
either in Expert mode by running the 'ifconfigIF_NAMEdown' command, or in SecurePlatform WebUI
Gaia OS:
either in Gaia Clish, or in Gaia Portal
SecurePlatform OS:
either in 'sysconfig' menu, or in SecurePlatform WebUI
Note: If there are still unused interfaces on cluster members, they must be added to the $FWDIR/conf/discntd.if conguration le - refer to sk30060 and to
ClusterXL Admin Guide (does not apply to Gaia OS R75.47 and R77.20 (and above)).
A. Add the interface name to the $FWDIR/conf/discntd.if conguration le (does not apply to Gaia OS R75.47 and R77.20 (and above)).
Gaia OS:
either in Gaia Clish by running the 'setinterfaceIF_NAMEstateoff' command, or in Gaia Portal
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk57100 3/4
2/20/2017 AddingorremovinganinterfaceinClusterXLHighAvailabilitytopologymightcausefailover
SecurePlatform OS:
either in Expert mode by running the 'ifconfigIF_NAMEdown' command, or in SecurePlatform WebUI
Gaia OS:
either in Gaia Clish, or in Gaia Portal
SecurePlatform OS:
either in 'sysconfig' menu, or in SecurePlatform WebUI
Note: If there are still unused interfaces on cluster members, they must be added to the $FWDIR/conf/discntd.if conguration le - refer to sk30060 and to
ClusterXL Admin Guide (does not apply to Gaia OS R75.47 and R77.20 (and above)).
D. Remove the interface from the Topology table from each member.
C. Either start the Clustering by running the 'cphastart' command, or bring this member administratively up by running the 'clusterXL_adminup' command.
7. Verify that the new interface was delete from cluster topology - run this command on each cluster member:
[Expert@HostName]#cphaprobaif
If the new interface was not deleted yet, then reboot each cluster member.
Related documentation:
Gaia Administration Guide (R75.40, R75.40VS, R76, R77).
SecurePlatform Administration Guide (R65, R70, R71, R75, R75.40, R75.40VS, R76, R77).
ClusterXL Administration Guide (R55, R60, R61, R62, R65, R70, R70.1, R71, R75, R75.20, R75.40, R75.40VS, R76, R77).
Command Line Interface Reference Guide (R55, R60, R61, R62, R65, R70, R71, R75, R75.20, R75.40, R75.40VS, R76, R77).
sk30060 - SmartView Tracker repeatedly shows messages "cluster_info: (ClusterXL) interface is down / up".
sk114212 - Synchronization in cluster is broken after moving the "1st Sync" Network Objective to an interface that was dened as "Non-Monitored Private".
sk44268 - Number of 'Required interfaces' in the output of 'cphaprob -a if' command does not change after removing an interface from ClusterXL Topology.
Enteryourcommenthere
Comment Submit
1994-2017 Check Point Software Technologies Ltd. All rights reserved.
Copyright | Privacy Policy
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk57100 4/4