Configuring Link State Propagation (LSP)

On a Check Point Appliances that run as a Security Gateway or ClusterXL Cluster Members, you can bind together in Bridge mode two physical ports on a Check Point Line Card. When the link state for one bridged slave port goes down, the other bridged slave port also goes down. This lets a switch detect and react faster to a link failure on the other side of a bridge or another part of the network.

Link State Propagation is supported on Check Point appliances with these Line Cards:

Line Card SKU	Description	Driver
CPAC-4-1C	4 Port 10/100/1000 Base-T Ethernet (RJ45) interface card	IGB
CPAC-8-1C	8 Port 10/100/1000 Base-T Ethernet (RJ45) interface card	IGB
CPAC-4-1F	4 Port 1000 Base-F Fiber (SFP) interface card	IGB
CPAC-4-10F	4 Port 10G Base-F Fiber (SFP+) interface card	IXGBE

You can configure the Link State Propagation in one of these modes:

LSP Mode	Description
Automatic port detection and port pair creation	Security Gateways and Cluster Members automatically assign all bridged Line Card ports to port pairs
Manual port pair creation	You manually configure the assignment of bridged Line Card ports to port pairs. Note - You can configure up to four port pairs.

LSP Mode

Description

Automatic port detection

and port pair creation

Security Gateways and Cluster Members automatically assign all bridged Line Card ports to port pairs

Manual port pair creation

You manually configure the assignment of bridged Line Card ports to port pairs.

Note - You can configure up to four port pairs.

Important:

In a cluster environment, you must configure all the Cluster Members in the same way.
Link State Propagation does not support Bond interfaces.

To configure Link State Propagation for automatic port detection:

Step	Description
1	Connect to the command line on the Security Gateway or each Cluster Member.
2	Log in to the Expert mode.
3	Back up the current `$FWDIR/boot/modules/fwkern.conf` file: `# cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}` Important - If this file does not exist, create it: `# touch $FWDIR/boot/modules/fwkern.conf`
4	Edit the current `$FWDIR/boot/modules/fwkern.conf` file: `# vi $FWDIR/boot/modules/fwkern.conf`
5	Add this line: `fw_link_state_propagation_enabled=1`
6	Save the changes in the file and exit the Vi editor.
7	Reboot the Security Gateway or each Cluster Member.
8	Make sure the Security Gateway or Cluster Members loaded the new configuration: `# fw ctl get int fw_link_state_propagation_enabled`

To configure Link State Propagation for manual port detection:

Step	Description
1	Connect to the command line on the Security Gateway or each Cluster Member.
2	Log in to the Expert mode.
3	Back up the current `$FWDIR/boot/modules/fwkern.conf` file: `# cp -v $FWDIR/boot/modules/fwkern.conf{,_BKP}` Important - If this file does not exist, create it: `# touch $FWDIR/boot/modules/fwkern.conf`
4	Edit the current `$FWDIR/boot/modules/fwkern.conf` file: `# vi $FWDIR/boot/modules/fwkern.conf`
5	Add these three lines (you can configure up to four pairs): `fw_link_state_propagation_enabled=1` `fw_manual_link_state_propagation_enabled=1` `fw_lsp_pair1="<`interface_name1`,`interface_name2`>"` `fw_lsp_pair2="<`interface_name3`,`interface_name4`>"` `fw_lsp_pair3="<`interface_name5`,`interface_name6`>"` `fw_lsp_pair4="<`interface_name7`,`interface_name8`>"` Example: `fw_lsp_pair1="eth1,eth2"` `fw_lsp_pair2="eth3,eth4"`
6	Save the changes in the file and exit the Vi editor.
7	Reboot the Security Gateway or each Cluster Member.
8	Make sure the Security Gateway or Cluster Members loaded the new configuration: `# fw ctl get int fw_link_state_propagation_enabled` `# fw ctl get int fw_manual_link_state_propagation_enabled` `# fw ctl get str fw_lsp_pair1` `# fw ctl get str fw_lsp_pair2` `# fw ctl get str fw_lsp_pair3` `# fw ctl get str fw_lsp_pair4`

For more information:

See sk108121: How to configure Link State Propagation (LSP) in a Bridge interface on Gaia OS and SecurePlatform OS.