Virtual System Load Sharing (VSLS)
|
|
Important - R80.20SP does not support VSLS (Known Limitation MBS-5288). |
VSX
Virtual System Extension. Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts. Clusters can efficiently balance network traffic load by distributing active Virtual Systems amongst VSX Cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Members. This capability is known as Virtual System Load Sharing (VSLS).
In a deployment scenario with three VSX Cluster Members, each with three Virtual Systems: an equalized Load Sharing deployment might have one Active Virtual System Virtual Device on a VSX Gateway or VSX Cluster Member that implements the functionality of a Security Gateway. Acronym: VS. on each VSX Cluster Member Security Gateway that is part of a cluster..
|
Item |
Description |
|
Item |
Description |
|---|---|---|---|---|
|
1 |
VSX Cluster Member 1 |
|
8 |
Virtual System 2 is Backup |
|
2 |
VSX Cluster Member 2 |
|
9 |
Virtual System 3 is Active |
|
3 |
VSX Cluster Member 3 |
|
10 |
Virtual System 1 is Backup |
|
4 |
Virtual System 1 is Active |
|
11 |
Virtual System 2 is Active |
|
5 |
Virtual System 2 is Standby |
|
12 |
Virtual System 3 is Standby |
|
6 |
Virtual System 3 is Backup |
|
|
Sync Network |
|
7 |
Virtual System 1 is Standby |
|
|
|
A different member hosts the active peer for each Virtual System. This distribution spreads the load equally amongst the VSX Cluster Members. When you create a Virtual System, VSX automatically assigns Standby and Backup states to the appropriate peers and distributes them among the other VSX Cluster Members.
In the event that a VSX Cluster Member fails, VSLS directs traffic destined to affected Virtual Systems to their fully synchronized Standby peers, which then become Active. At the same time, a Backup Virtual System switches to Standby, and synchronizes with the newly Active Virtual System.
In the event that an individual active Virtual System fails, it immediately fails over to its Standby peer and one of its Backup peers becomes the Standby, synchronizing with the newly Active peer.
Converting from High Availability to VSLS
To convert an existing VSX Cluster from High Availability to VSLS:
-
On each VSX Cluster Member:
-
Run:
cpconfig -
Enable the Per Virtual System State.
-
Enable ClusterXL for Bridge Active/Standby.
-
Restart the Check Point services:
cpstop ; cpstart
-
-
-
Connect to the command line.
-
Log in to the Expert mode.
-
Run:
vsx_util convert_cluster -
Enter the IP address of the Security Management Server
Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. or Domain Management Server. -
Enter the Management Server administrator user name and password.
-
Select the VSX Cluster.
-
Enter:
LS -
At the
Proceed with conversion?prompt, enter:y -
Select an option to distribute Virtual Systems among VSX Cluster Members:
-
Distribute all Virtual Systems equally.
-
Set all Virtual Systems as Activeon the same VSX Cluster Member.
-
-
-
Reboot each VSX Cluster Member.
-
On each VSX Cluster Member:
-
Connect to the command line.
-
Examine the VSX configuration:
vsx stat -v -
Examine the VSX Cluster state and configuration:
cphaprob state
-
Note - You cannot convert a VSX Cluster to the VSLS mode, if it contains Virtual Systems in the Active/Active Bridge mode Security Gateway or Virtual System that works as a Layer 2 bridge device for easy deployment in an existing topology. or Virtual Routers.