High Availability and Load Sharing in ClusterXL

In This Section: Introduction to High Availability and Load Sharing Example ClusterXL Topology ClusterXL Modes Cluster Failover Implementing Planning Considerations ClusterXL Requirements and Compatibility Check Point Software Compatibility

Introduction to High Availability and Load Sharing

ClusterXL is a software-based Load Sharing and High Availability solution that distributes network traffic between clusters of redundant Security Gateways.

ClusterXL has these High Availability features:

• Transparent failover in case of member failures
• Zero downtime for mission-critical environments (when using State Synchronization)
• Enhanced throughput (in Load Sharing modes)
• Transparent upgrades

All members in the cluster are aware of the connections passing through each of the other members. The Cluster Members synchronize their connection and status information across a secure synchronization network.

The glue that binds the members in a ClusterXL cluster is the Cluster Control Protocol (CCP), which is used to pass synchronization and other information between the Cluster Members.

High Availability

In a High Availability cluster, only one member is active (Active/Standby operation). In the event that the active Cluster Member becomes unavailable, all connections are re-directed to a designated standby without interruption. In a synchronized cluster, the standby Cluster Members are updated with the state of the connections of the Active Cluster Member.

In a High Availability cluster, each member is assigned a priority. The highest priority member serves as the Security Gateway in normal circumstances. If this member fails, control is passed to the next highest priority member. If that member fails, control is passed to the next member, and so on.

Upon Security Gateway recovery, you can maintain the current Active Security Gateway (Active Up), or to change to the highest priority Security Gateway (Primary Up).

ClusterXL High Availability mode supports both IPv4 and IPv6.

Load Sharing

ClusterXL Load Sharing distributes traffic within a cluster so that the total throughput of multiple members is increased. In Load Sharing configurations, all functioning members in the cluster are active, and handle network traffic (Active/Active operation).

If any member in a cluster becomes unreachable, transparent failover occurs to the remaining operational members in the cluster, thus providing High Availability. All connections are shared between the remaining Security Gateways without interruption.

ClusterXL Load Sharing modes do not support IPv6.