Working with VSX Clusters

In This Section: Configuration Overview Creating VSX Clusters Modifying a Cluster Definition Working with VSX Cluster Members Changing the VSX Cluster Type Enabling VSX Gateway High Availability Configuring Virtual System Load Sharing Configuring Virtual Systems in Bridge Mode Advanced Clustering Configuration

Configuration Overview

You use SmartConsole for most of the basic cluster configurations. Many cluster management procedures require the command line. For example, you need the CLI to change the VSX Cluster definitions.

Creating VSX Clusters

Creating a New VSX Cluster

This section describes how to create a new VSX Cluster using the VSX Cluster Wizard. The wizard guides you through the steps to configure a VSX Cluster.

After completing the VSX Cluster Wizard, you can modify most VSX Cluster and VSX Cluster Member properties directly from SmartConsole.

To create a new VSX Cluster:

1. Connect with SmartConsole to the Security Management Server or Main Domain Management Server used to manage the VSX Cluster.
2. From the left navigation panel, click Gateways & Servers.
3. At the top, click Objects menu > More object types > Network Object > Gateways and Servers > VSX > New Cluster.

   The VSX Cluster Wizard > General Properties opens.

Defining Cluster General Properties

The Cluster General Properties page contains basic properties for VSX Clusters:

• VSX Cluster Name: Unique, alphanumeric name for the cluster. The name cannot contain spaces or special characters except the underscore.
• VSX Cluster IPv4 Address: IPv4 address of the cluster.
• VSX Cluster IPv6 Address: IPv6 address of the cluster.
• VSX Cluster Version: VSX version to use for this cluster.
• VSX Cluster Platform: Platform type hosting the VSX Cluster Members:
  • To create a High Availability cluster, select ClusterXL.
  • To create a Load Sharing (VSLS) cluster, select ClusterXL Virtual System Load Sharing.

Note - All VSX Cluster Members must use the same type of platform, with the same specifications and configuration.

Selecting Virtual Systems Creation Templates

The Virtual Systems Creation Templates allows you to select a Virtual System Creation Template that automatically applies predefined, default topology and routing definitions to Virtual Systems when they are first created. This feature ensures consistency among Virtual Systems and speeds up the provisioning process.

You always have the option of overriding the default creation template when creating or modifying a Virtual System

The available creation templates are as follows:

• Shared Interface: All Virtual Systems share a single external interface, but maintain separate internal interfaces.
• Separate Interfaces: All Virtual Systems use their own separate internal and external interfaces. This template creates a Dedicated Management Interface (DMI) by default.
• Custom Configuration: You manually create a custom configuration without any template.

Adding VSX Cluster Member

The VSX Cluster Members window defines the members of the new cluster. You must define at least two VSX Cluster Members. You can add more members later.

To add a new VSX Cluster Member:

1. In the VSX Cluster Members window, click Add.
2. The Member Properties window opens.
3. Enter the name and IP addresses for the VSX Cluster Member.

   Note: If you define an IPv6 IP address, you must also have an IPv4 address.

4. Enter and confirm the Activation Key to initialize SIC trust between the VSX Cluster Member and the Management Server.

   Note - You defined this Activation Key during the First Time Configuration Wizard of the VSX Cluster Member.

5. Follow these steps for all VSX Cluster Members.
6. Click Next to continue.

Defining Cluster Interfaces

The VSX Cluster Interfaces window lets you define physical interfaces as VLAN Trunks.

The list shows all interfaces currently defined on the VSX Gateway or VSX Cluster object.

To configure a VLAN Trunk:

Select one or more interfaces to define them as VLAN Trunks. You can clear an interface to remove the VLAN Trunk assignment.

Important - You cannot define the management interface as a VLAN trunk. To use the management interface as a VLAN, you must define the VLAN on the VSX Gateway before you use SmartConsole to create the VSX Gateway object.

Configuring VSX Cluster Members

If you selected the custom configuration option, the VSX Cluster Members window appears.

In this window, you define the synchronization IP address for each VSX Cluster Member.

To configure the VSX Cluster Members:

1. Select the synchronization interface from the list.
2. Enter the synchronization interface addresses and net mask for each VSX Cluster Member.

To use a VLAN as a synchronization interface:

1. On each VSX Cluster Member, define the VLAN interface on the applicable physical interface.
2. In SmartConsole, create the VSX Cluster object.
3. On each VSX Cluster Member, add this line to the $FWDIR/boot/modules/fwken.conf file:

   fwha_monitor_all_vlan=1

Cluster Management

The VSX Gateway Management page allows you to define several security policy rules that protect the cluster itself. This policy is installed automatically on the new VSX Cluster.

Note - This policy applies only to traffic destined for the cluster. Traffic destined for Virtual Systems, other Virtual Devices, external networks, and internal networks is not affected by this policy.

The security policy consists of predefined rules covering the following services:

• UDP: SNMP requests
• TCP: SSH traffic
• ICMP: Echo-request (ping)
• TCP: HTTPS (secure HTTP) traffic

Configuring the Cluster Security Policy

1. Allow: Enable a rule to allow traffic for those services for which you wish to allow traffic. Clear a rule to block traffic. By default, all services are blocked.

   For example, you may wish to allow UDP echo-request traffic in order to be able to ping VSX Cluster Member from the Management Server.

2. Source: Click the arrow and select a Source Object from the list. The default value is *Any.

   Click New Source Object to define a new source.

   For more about Security Policies, see the R80.30 Security Management Administration Guide.

Completing the Wizard

To complete the VSX Cluster Wizard:

1. Click Next to continue and then click Finish to complete the VSX Cluster wizard.

   It can take several minutes to complete. A message appears indicating successful or unsuccessful completion of the process.

   If the process ends unsuccessfully, click View Report to view the error messages. Refer to the troubleshooting steps for more information

2. In SmartConsole, double-click the new VSX Cluster object.