Print Download PDF Send Feedback

Previous

Next

Configuring Virtual System Load Sharing

This section presents the various procedures for configuring VSLS deployments.

You use the vsx_util vsls command on the Management Server to perform various VSLS configurations tasks.

Procedure:

  1. Connect to the command line on the Management Server.
  2. Log in to the Expert mode.
  3. Run:

    vsx_util vsls

  4. Enter the IP address of the Security Management Server or Domain Management Server.
  5. Enter the Management Server administrator user name and password.
  6. Select the VSX Cluster.
  7. From the VSLS menu, select the configuration option.

Enabling VSLS

In order to use VSLS for VSX, you must first activate the Per Virtual System State mode on each VSX Cluster Member. You can then create a Load Sharing cluster, either by creating a new cluster object, or by converting an existing High Availability cluster to Load Sharing mode. After completing this process, you can modify Virtual Systems as required.

Enabling the Per Virtual System State Mode

The Per Virtual System State mode enables active Virtual Systems to be placed on different VSX Cluster Members, and for Virtual System-specific failover. This setting is mandatory for VSLS. On each VSX Cluster Member, do the following:

Note - The following Virtual Devices are not supported when the Per Virtual System state is enabled:

  • Virtual Routers
  • Virtual Switches that do not have physical or VLAN interfaces
  1. Connect to the command line.
  2. Log in to the Expert mode.
  3. Run:

    cpconfig

  4. Select:

    Enable Check Point Per Virtual System State

  5. When the question appears:

    Would you like to enable Per Virtual System state?

    Enter y

  6. Reboot the VSX Cluster Member.

Creating a New VSLS Cluster

To create a new VSLS cluster:

  1. Connect with SmartConsole to the Security Management Server or Main Domain Management Server used to manage the VSX Cluster.
  2. From the navigation panel, click Gateways & Servers.
  3. At the top, click Objects menu > More object types > Network Object > Gateways and Servers > VSX > New Cluster.

    The VSX Cluster Wizard > General Properties opens.

  4. Create and configure the new cluster.
    1. On the General Properties page, from VSX Cluster Platform, select ClusterXL Virtual System Load Sharing.
    2. On the Creation Templates page, select the creation template.
    3. Complete the VSX Cluster Wizard.

Using the 'vsx_util vsls' Command

You use the vsx_util vsls command on the Management Server to perform various Virtual System Load Sharing configuration tasks, including:

Procedure:

  1. Connect to the command line on the Management Server.
  2. Log in to the Expert mode.
  3. Run:

    vsx_util vsls

  4. Enter the IP address of the Security Management Server or Domain Management Server.
  5. Enter the Management Server administrator user name and password.
  6. Select the desired choice from the VSLS menu.

'vsls_config vsls' main menu

This sample output is for versions R77.10 and higher.

Enter Administrator Name: aa

Enter Administrator Password:

Select VSX cluster object name:

1) vsx_cluster_A

2) vsx_cluster_B

Select: 1

VS Load Sharing - Menu

________________________________

1. Display current VS Load sharing configuration

2. Distribute all Virtual Systems so that each cluster member is equally loaded

3. Set all VSs active on one member

4. Manually set priority and weight

5. Import configuration from a file

6. Export configuration to a file

7. Exit

Enter redistribution option (1-7) [1]:

Distributing Virtual Systems Amongst VSX Cluster Members

The primary advantage of VSLS is the ability to distribute Active, Standby and Backup Virtual Systems amongst VSX Cluster Members to maximize throughput and user response time. You can choose to distribute Virtual Systems according to one of the following options:

Distributing Virtual Systems for Equal Member Loading

To distribute Virtual Systems for equal member loading:

  1. From the VSLS menu, select 2. Distribute all Virtual Systems so that each cluster member is equally loaded.
  2. At the Save & apply configuration? prompt, enter "y" to continue.

The process update process may take several minutes or longer to complete, depending on the quantity of Virtual Systems and VSX Cluster Members.

Placing All Active Systems on the Same Member

  1. From the VSLS menu, select 3. Set all VSs active on one member.
  2. When prompted, enter the number corresponding to the member designated as the Primary member.
  3. When prompted, enter the number corresponding to the member designated as the Standby member.

    All other VSX Cluster Members will be designated as Backup members.

  4. At the Save & apply configuration? prompt, enter "y" to continue.

The process update process may take several minutes or longer to complete, depending on the quantity of Virtual Systems and VSX Cluster Members.

Assigning Priorities and Weights for a Single Virtual System

Methods to change priorities and weights:

Note: After you save changes, the update requires time (several minutes or longer), depending on the quantity of Virtual Systems and VSX Cluster Members.

To automatically assign weights to all Virtual Systems:

  1. From the VSLS menu, select 4. Manually set priority and weight.
  2. Scroll through each Virtual System. Enter: a
  3. For each Virtual System, enter a weight value and press Enter.

    If you do not enter a weight value for a Virtual System, the assigned weight is not changed. Only Virtual Systems with a new weight value are updated.

    To stop entering weight values, enter s.

  4. At the Save & apply configuration prompt, enter: y.

To manually update both priorities and weights for individual Virtual Systems:

  1. From the VSLS menu, select 4. Manually set priority and weight.
  2. Enter: m
  3. At the Would you like to change the Virtual System's priority list? prompt, enter: y.
  4. Enter the number of the member to get the highest priority.
  5. Enter the number of the member to get the next highest priority.
  6. Continue until all VSX Cluster Members have a priority.
  7. At the Would you like to change the Virtual System's weight? prompt, enter: y.
  8. Enter the new weight value. A valid value is an integer between 1 and 100.
  9. At the Do you wish to configure another Virtual System? prompt, enter y to configure a different Virtual System or enter n to continue.
  10. At the Save & apply configuration? prompt, enter: y.

Viewing VSLS Status

To view the current VSLS status and Virtual System distribution amongst VSX Cluster Members, select 1. Display current VS Load Sharing configuration from the VSLS menu.

The output is similar to the below example:

----+---------+-----------+-----------+-----------+--------+

VSID| VS name | gw150 | gw151 | gw152 | Weight |

----+---------+-----------+-----------+-----------+--------+

2 | vs1 | 0 | 1 | 2 | 10 |

3 | vs2 | 2 | 0 | 1 | 10 |

4 | vs3 | 1 | 2 | 0 | 10 |

5 | vs5 | 0 | 2 | 1 | 10 |

6 | vs4 | 1 | 0 | 2 | 10 |

----+---------+-----------+-----------+-----------+--------+

Total weight | 20 | 20 | 10 | 50 |

----+---------+-----------+-----------+-----------+--------+

 

Legend:

0 - Highest priority

1 - Next priority

2 - Lowest priority

Virtual System Priority

Virtual System priority refers to a preference regarding which VSX Cluster Member hosts a Virtual System's Active, Standby, and Backup states. This preference is expressed as an integer value.

Priority

Definition

0

Highest priority, indicating the VSX Cluster Member designated to host the Virtual System Active state.

1

Second highest priority, indicating the VSX Cluster Member designated to host the Virtual System Standby state.

> 1

Lower priorities, indicating VSX Cluster Members designated to host a Virtual System's Backup state.

The VSX Cluster Member assigned priority 2 will be the first to switch the Virtual System to the Standby state in the event of a failure of either the Active or Standby Virtual System.

A VSX Cluster Member assigned priority 3 would be the next in line to come online in the event of another failure.

Virtual System Weight

Each Virtual System is assigned a weight factor, which indicates its traffic volume relative to the total traffic volume (the sum of all weight factors) on a given VSX Cluster Member. VSX uses the weight factor to determine the most efficient distribution of Virtual Systems amongst VSX Cluster Members. System resource allocation is not affected by the weight factor, nor does VSX take weight into consideration for any other purpose.

By default, all Virtual Systems are assigned an equal weight factor of 10.

Exporting and Importing VSLS Configurations

When working with large scale VSLS deployments consisting of many Virtual Systems, multiple VSX Cluster Members, using the vsx_util command on the Management Server to perform configuration tasks can be quite time consuming. To allow administrators to efficiently configure such deployments, VSX supports uploading VSLS configuration files containing configuration information for all Virtual Systems directly to Management Servers and VSX Cluster Members.

This capability offers the following advantages:

VSLS configuration files are CSV files that are editable using a text editor or other applications, such as Microsoft Excel. You can use the configuration file to rapidly change the weight and VSX Cluster Member priority for each Virtual Systems in the list.

Note - You cannot use the VSLS configuration file to add or remove VSX Cluster Members. You must use the appropriate vsx_util commands to accomplish this.

You can use the VSLS configuration file to change member priorities for Virtual Systems after adding or removing a VSX Cluster Member.

VSLS Configuration File

The VSLS configuration file is a comma separated value (CSV) text file that contains configuration settings for all Virtual Systems controlled by a Management Server. All lines preceded by the # symbol are comments and are not imported into the management database.

# Check Point VSX - VS Load Sharing configuration file

#

# Administrator : aa

# SmartCenter/Main Domain Management Server : 192.168.50.160

# Generated on : Thu Jul 23 13:08:42 2009

#

#

#

# VSID, Weight, Active member, Standby member, Backup member #1

# Virtual System name: vs1

2,10,gw150,gw151,gw152

 

# Virtual System name: vs2

3,10,gw151,gw152,gw150

 

# Virtual System name: vs3

4,10,gw152,gw150,gw151

 

# Virtual System name: vs4

6,10,gw151,gw150,gw152

 

# Virtual System name: vs5

5,10,gw150,gw152,gw151

The configuration file contains one line for each Virtual System, consisting of the following data as shown below:

Each line contains the VSID, the weight assigned the Virtual System, one primary VSX Cluster Member, and one Standby VSX Cluster Member.

Additional Backup VSX Cluster Members are listed after the Standby VSX Cluster Member.

Exporting a VSLS configuration

The most common way to use VSLS configuration files is to initially define your cluster environment and Virtual Systems using SmartConsole.

To export a VSLS configuration to a text file:

  1. From the VSLS menu, select 6. Export configuration to a file.
  2. Enter a file name, include its fully qualified path, for example:

    /home/admin/MyConfiguration

Processing Options

You can insert the following commands in the VSLS Configuration file to display audit trail information while validating and processing data. Each of the commands act as a toggle, whereby the first occurrence of a command enables the action and the next occurrence disables it. These options his allow you to efficiently debug very long configuration files by displaying or logging only suspicious sections of the data.

Command

Action

!comments

Sequentially displays comment lines (those preceded with the '#' character) contained in the configuration file. You can insert comments into the configuration file to indicate which Virtual Systems are currently being processed or to provide status information as the parser processes the data.

!verbose

Shows whether or not each data line has been successfully verified and the configuration parameters for each Virtual System.

!log

Saves !comments and !verbose information in the vsx_util.log file.

Importing a VSLS configuration

To import a VSLS configuration from a text file:

  1. From the VSLS menu, select 5. Import configuration from a file.
  2. Enter the file name, include its fully qualified path, for example:

    /home/admin/MyConfiguration

  3. At the Save & apply configuration? prompt, enter "y" to continue.

During the import process, the parser reads the configuration file and attempts to validate the contents. Errors are displayed on the screen together with the offending line number. If either the !comments or !verbose processing options are enabled, the appropriate information appears on the screen.

The process update process may take several minutes or longer to complete, depending on the quantity of Virtual Systems, Domain Management Servers, and VSX Cluster Members.

05 November 2019
Was this helpful?
Incorrect information Not what I'm looking for Too much information Confusing information
© 2019 Check Point Software Technologies Ltd. All rights reserved.