|
|
|
This section presents several advanced cluster scenarios and procedures for their configuration.
Included Topics |
The recommended cluster architecture contains interfaces connect to a Layer-2 segment that is isolated from other clusters. When configuring a cluster with only two members, you should connect the secured interfaces of the sync network using a crossover cable.
However, in a deployment where multiple clusters need to connect to the same Layer-2 segment, the same MAC address may be used by more than one cluster for Cluster Control Protocol (CCP) communication. This may direct traffic to the incorrect cluster. In this case you will need to modify the source MAC address(es) of the clusters.
This section describes how source MAC addresses are assigned, and explains how to change them. This procedure applies to both ClusterXL and OPSEC certified clustering products using the High Availability mode.
Cluster members use CCP to communicate with each other. In order to distinguish CCP packets from ordinary network traffic, CCP packets are given a unique source MAC address.
Default Value Of Fifth Byte |
Purpose |
|---|---|
|
CCP traffic |
|
Forwarding layer traffic |
When multiple clusters are connected to the same Layer-2 segment, setting a unique value to the fifth byte of the MAC source address of each cluster allows them to coexist on the same Layer-2 segment.
To change a cluster's MAC source address, run these commands on each cluster member:
fw ctl set int fwha_mac_magic <value>
fw ctl set int fwha_mac_forward_magic <value>
Parameter |
Default value |
|---|---|
|
|
|
|
Use any value, as long as the two gateway configuration parameters are different. To avoid confusion, do not use the value 0x00.
You can configure the above parameters to persist following reboot.
fwkern.conf, located at $FWDIR/boot/modules/.Parameter=<value in hex>. Make sure there are no spaces.