How Active/Standby Mode Works

Background

The Dual Chassis High Availability mechanism is based on two identical Chassis.

One Chassis handles traffic (Active state), while the other Chassis is in the Standby state.

The Standby Chassis synchronizes with the Active Chassis, so that traffic continues uninterrupted when there is a Chassis failover.

  • Chassis High Availability works on the principle that the Chassis with the highest quality grade becomes the Active Chassis.

    To make sure that the most reliable Chassis is Active, each Chassis is assigned a quality grade.

    The quality grade is based on a continuous monitoring of Chassis critical components and traffic characteristics.

    Automatic failover occurs only when the quality grade of the Standby Chassis is greater than the quality grade of the Active Chassis, plus the minimum differential.

    A configurable minimum grade differential prevents unnecessary failover, which can cause performance degradation.

  • Each Chassis port has its own unique MAC address.

    The MAC addresses for SGMs are the same on the same Chassis.

    The MAC addresses are different for the ports on the two Chassis.

    A Chassis failover event sends GARP / ICMPv6 packets for each interface. This informs the network to use the other interfaces.

    See Working with the GARP Chunk Mechanism.
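The grade-based failover rule from the first bullet above, replayed over a series of grade samples to show what the minimum differential changes. This is an added example, not Check Point code: the grade values, chassis names and function names are assumptions, and the DOWN state, the freeze interval and Primary Up priority are not modelled.

```python
"""Added example: replay of the grade-based failover rule (not Check Point code)."""


def should_fail_over(active_grade, standby_grade, min_diff):
    # Rule from the text: the Standby grade must be greater than
    # the Active grade plus the minimum differential.
    return standby_grade > active_grade + min_diff


def simulate(samples, min_diff, active="chassis1"):
    """Replay (chassis1_grade, chassis2_grade) samples.

    Returns (failover_events, final_active), where each event is
    (sample_index, name_of_new_active_chassis).
    """
    events = []
    for i, (g1, g2) in enumerate(samples):
        grades = {"chassis1": g1, "chassis2": g2}
        standby = "chassis2" if active == "chassis1" else "chassis1"
        if should_fail_over(grades[active], grades[standby], min_diff):
            active = standby
            events.append((i, active))
    return events, active


# Constructed grade samples (arbitrary units, not real Chassis output):
# small alternating dips first, then a large drop on chassis1.
SAMPLES = [
    (100, 100),
    (98, 100),
    (100, 98),
    (98, 100),
    (100, 100),
    (60, 100),
    (60, 100),
    (100, 100),  # chassis1 recovers
]

if __name__ == "__main__":
    for diff in (0, 10):
        events, final = simulate(SAMPLES, diff)
        print(f"min differential {diff}: {len(events)} failover(s) {events}, "
              f"final Active = {final}")
```

With a differential of 0 the two-point dips cause three failovers; with a differential of 10 only the drop to 60 does, and the recovered chassis1 does not take the Active role back.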

gClish is the global command line shell in the Check Point Gaia operating system for Security Gateway Modules; commands you run in this shell apply to all Security Gateway Modules in the Security Group. With the applicable Gaia gClish commands, you configure these High Availability parameters:

  • Chassis High Availability - "Active Up" Mode or "Primary Up" Mode.

  • Chassis quality grade factors

  • Failover grade difference for failover

  • Failover freeze interval

  • Port priority

Configuring Active/Standby Mode

Syntax

set chassis high-availability mode <Mode ID>

Available Modes

| Mode ID | Mode Title | Mode Description |
|---|---|---|
| 0 | Active/Standby - Active Up | No primary Chassis. The currently Active Chassis stays Active unless it goes DOWN, or the Standby Chassis has a higher Chassis quality grade. |
| 1 | Active/Standby - Primary Up | Active Chassis always stays Active unless it goes DOWN, or the Standby Chassis has a higher Chassis quality grade. See Configuring the Chassis Priority. |
| 2 | Not available | Not supported. |
| 3 | Standby Chassis VSLS Mode | In VSX (Virtual System Extension, the Check Point virtual networking solution), provides Virtual System Load Sharing. |

Synchronizing Dual Chassis on a Wide Area Network

You can install your Chassis at two different remote sites as a geographically distributed cluster (two or more Security Gateways that work together in a redundant configuration, either High Availability or Load Sharing).

There are two limitations to this capability:

  1. The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss.

  2. The synchronization network can include switches and hubs.

    Routers cannot be installed on the synchronization network because they drop Cluster Control Protocol packets.