SyncXL
SyncXL is a Check Point technology that makes sure active connections are only synchronized to one SGM on the Active Chassis and one SGM on the Standby Chassis. This means that the SGM in the Active Chassis can only synchronize with its counterpart in the Standby Chassis.
When an SGM or Chassis state changes, all SGMs update their counterpart SGM. Synchronization is triggered automatically by these events:
- SGM Failure – Connections with a backup connection on an SGM are synchronized to a backup SGM
- SGM Recovery – The newly recovered SGM can be a backup for connections that are active on other SGMs
- Chassis HA failover – When the Active Chassis fails over to the Standby Chassis, a backup entry is defined for each of the connections that it handles.
The SyncXL mechanism can be configured via the asg_sync_manager. See the asg_sync_manager section.
Standby Chassis/Active SGMs ratio:
To handle load and capacity, the Standby Chassis must have at least 50% of SGMs in the UP state, compared with the Active Chassis. For example, If there are 10 SGMs that are UP on the Active Chassis, there must be at least five UP SGMs on the Standby Chassis. SyncXL is automatically disabled if this condition is not successful. You can change the ratio parameter.
To make sure that each active connection has backups on both Chassis in a Dual Chassis system, run in the Expert mode:
asg_sync_manager
To see the last connection backup operation, run this command in the Expert mode:
# asg_blade_stats
Last Iterator Statistics:
---------------------------------------------
Start time: Thu Sep 13 10:48:18 2012
Running time: 0 Seconds
Status: Finished
Reason: Chassis ID 2 state was changed to STANDBY
Total connections iterated 38
Connections w/ sync action 0
Notes:
- VoIP connections are synchronized to all SGMs
- Local connections (To/from the 61000/41000 Security System pseudo IP) are not synchronized
- SyncXL does not work on the Sync interface or the Management Interface
|
