Cluster IP Addresses on Different Subnets

Introduction

You can configure cluster Virtual IP addresses in different subnets than the physical IP addresses of the Cluster Members.

The network "sees" the cluster as one Security Gateway that operates as a network router. The network is not aware of the internal cluster structure and physical IP addresses of Cluster Members.

Advantages of using different subnets:

• You can create a cluster in an existing subnet that has a shortage of available IP addresses.
• You use only one Virtual IP address for the cluster. All other IP addresses can be on other subnets.
• You can "hide" physical Cluster Members' IP addresses behind the cluster Virtual IP address. This security practice is almost the same as NAT.

  Note - This capability is available only for ClusterXL clusters.

Traffic sent from Cluster Members to internal or external networks is hidden behind the cluster Virtual IP addresses and cluster MAC addresses. The cluster MAC address assigned to cluster interfaces is:

Cluster Mode	MAC Address
High Availability	MAC address of the Active Cluster Member's interface
Load Sharing Multicast	Multicast MAC address of the cluster Virtual IP Address
Load Sharing Uncast	MAC address of the Pivot Cluster Member's interface

The use of different subnets with cluster objects has some limitations.

Configuring Cluster Addresses on Different Subnets

These are the steps necessary to configure a cluster with IP addresses on different subnets:

1. On each Cluster Member, define these static routes for each cluster Virtual IP address:

   next hop gateway for network of cluster Virtual IP address is applicable local member's interface

2. Configure the cluster topology.

   Usually, cluster Virtual IP addresses are automatically related to an interface based on membership in the same subnet. When the subnets are different, you must explicitly define the relationship between a Cluster Member's interface and a cluster Virtual IP address.

Defining the Cluster Members Network

When using a cluster, in which the Cluster Virtual IP address and physical IP addresses of Cluster Members are on different subnets, it is necessary to define the settings manually.

To define the member's network manually:

1. In SmartConsole, use the Classic Mode to manually create a new cluster.
2. Define the Cluster Members and their physical interfaces.
3. Go to the Network Management page.
4. Select each cluster interface and click Edit.
5. In the General section, in the Virtual IPv4 field, enter the IPv4 address.
6. In the Member IPs, make sure the IP addresses are correct.
7. Click OK.
8. Install the Access Control Policy on this cluster object.

For more details, see the Configuring Cluster Object chapter.

Configuring a Static Route

On each Cluster Member, define these static routes for each cluster Virtual IP address:

next hop gateway for network of cluster Virtual IP address is applicable local member's interface

If you do not define the static routes correctly, it will not be possible to connect to the Cluster Members and pass traffic through them.

Note - It is not necessary to configure static routes manually on VSX Cluster Members. This is done automatically when you configure routes in SmartConsole.

For configuration instructions, see the R80.20 Gaia Administration Guide - Chapter Network Management - Sections IPv4 Static Routes and IPv6 Static Routes.