How Active/Standby Mode Works
Background
The Dual Chassis High Availability mechanism is based on two identical Chassis.
One Chassis handles traffic (Active state), while the other Chassis is in the Standby state.
The Standby Chassis synchronizes with the Active Chassis, so that traffic continues uninterrupted when there is a Chassis failover.
- Chassis High Availability works on the principle that the Chassis with the highest quality grade becomes the Active Chassis.
To make sure that the most reliable Chassis is Active, each Chassis is assigned a quality grade.
The quality grade is based on continuous monitoring of critical Chassis components and traffic characteristics.
Automatic failover occurs only when the quality grade of the Standby Chassis is greater than the quality grade of the Active Chassis plus the minimum differential.
This configurable minimum grade differential prevents unnecessary failover, which can cause performance degradation.
- Each Chassis port has its own unique MAC address.
The MAC addresses for SGMs are the same on the same Chassis.
The MAC addresses are different for the ports on the two Chassis.
A Chassis failover event sends GARP / ICMPv6 packets for each interface. This informs the network to use the other interfaces.
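The failover rule described above can be replayed over a series of grade samples to show how the minimum differential suppresses flapping. This is an added example, not Check Point code: the `simulate` function, the grade values and the sample series are constructed for illustration, and the "goes DOWN" case and the failover freeze interval are not modelled.

```python
"""Added illustration: Chassis failover rule with a minimum grade differential."""


def simulate(samples, min_diff, active="A"):
    """Replay (grade_A, grade_B) samples and return the failover events.

    Rule from the text: failover occurs only when
    standby_grade > active_grade + min_diff.
    Each event is (sample_index, old_active, new_active).
    """
    events = []
    for t, (grade_a, grade_b) in enumerate(samples):
        grades = {"A": grade_a, "B": grade_b}
        standby = "B" if active == "A" else "A"
        if grades[standby] > grades[active] + min_diff:
            events.append((t, active, standby))
            active = standby  # roles swap; the same rule now protects the new Active
    return events


# Constructed grade samples (hypothetical values, not real Check Point weights).
SAMPLES = [
    (100, 100),  # both Chassis healthy
    (95, 100),   # A briefly loses a low-weight component
    (100, 100),
    (95, 100),
    (100, 95),   # B briefly loses a low-weight component
    (100, 100),
    (60, 100),   # A loses a heavily weighted component
    (100, 100),
]

if __name__ == "__main__":
    for diff in (0, 10, 40):
        events = simulate(SAMPLES, diff)
        print(f"min_diff={diff:>2}: {len(events)} failover(s) {events}")
```

With no differential, every small dip triggers a failover; a moderate differential leaves only the failover caused by the large drop, and an oversized differential suppresses that one as well.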
Gaia gClish is the global command line shell in the Check Point Gaia operating system for Security Gateway Modules. Commands you run in this shell apply to all Security Gateway Modules in the Security Group.
With the applicable Gaia gClish commands, you configure these High Availability parameters:
- Chassis High Availability - "Active Up" Mode or "Primary Up" Mode.
- Chassis quality grade factors
- Failover grade difference for failover
- Failover freeze interval
- Port priority
Configuring Active/Standby Mode
Syntax
Available Modes
| Mode ID | Mode Title | Mode Description |
|---|---|---|
| 0 | Active/Standby - Active Up | No primary Chassis. The currently Active Chassis stays Active unless it goes DOWN, or the Standby Chassis has a higher Chassis quality grade. |
| 1 | Active/Standby - Primary Up | Active Chassis always stays Active unless it goes DOWN, or the Standby Chassis has a higher Chassis quality grade. |
| 2 | Not available | Not supported. |
| 3 | Standby Chassis VSLS Mode | In VSX, provides Virtual System Load Sharing. |

VSX (Virtual System Extension) is the Check Point virtual networking solution, hosted on a computer or cluster with virtual abstractions of Check Point Security Gateways and other network devices. These Virtual Devices provide the same functionality as their physical counterparts.
Synchronizing Dual Chassis on a Wide Area Network
You can install your Chassis at two different remote sites as a geographically distributed cluster (two or more Security Gateways that work together in a redundant configuration: High Availability or Load Sharing).
There are two limitations to this capability:
- The synchronization network must guarantee no more than 100ms latency and no more than 5% packet loss.
- The synchronization network can include switches and hubs.
  Routers cannot be installed on the synchronization network because they drop Cluster Control Protocol packets.