Viewing Cluster Correction Statistics
Description
This command shows the Cluster
Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. Correction Statistics on each Cluster Member Security Gateway that is part of a cluster..
The Cluster Correction Layer Proprietary Check Point mechanism that deals with asymmetric connections in Check Point cluster. The CCL provides connections stickiness by "correcting" the packets to the correct Cluster Member: In most cases, the CCL makes the correction from the CoreXL SND; in some cases (like Dynamic Routing, or VPN), the CCL makes the correction from the Firewall or SecureXL. Acronym: CCL. (CCL) is a mechanism that deals with asymmetric connections.
The CCL provides connections stickiness by "correcting" the packets to the correct Cluster Member:
-
In most cases, the CCL makes the correction from the CoreXL
Performance-enhancing technology for Security Gateways on multi-core processing platforms. Multiple Check Point Firewall instances are running in parallel on multiple CPU cores. SND. -
In some cases (like Dynamic Routing, or VPN), the CCL makes the correction from the Firewall or SecureXL
Check Point product on a Security Gateway that accelerates IPv4 and IPv6 traffic that passes through a Security Gateway..
In some cases, ClusterXL Cluster of Check Point Security Gateways that work together in a redundant configuration. The ClusterXL both handles the traffic and performs State Synchronization. These Check Point Security Gateways are installed on Gaia OS: (1) ClusterXL supports up to 5 Cluster Members, (2) VRRP Cluster supports up to 2 Cluster Members, (3) VSX VSLS cluster supports up to 13 Cluster Members. Note: In ClusterXL Load Sharing mode, configuring more than 4 Cluster Members significantly decreases the cluster performance due to amount of Delta Sync traffic. needs to send some data along with the corrected packet (currently, only in VPN). For such packets, the output shows "with metadata".
|
|
Note - For more information about CoreXL, see the R81.10 Performance Tuning Administration Guide. |
Syntax
|
Shell |
Command |
|---|---|
|
N / A |
|
|
Expert mode |
|
Where:
|
Command |
Description |
|---|---|
|
|
Shows Cluster Correction Statistics for all traffic. |
|
|
Shows Cluster Correction Statistics for CoreXL SND only. |
|
|
Shows Cluster Correction Statistics for CoreXL Firewall instances only. |
|
|
Shows Cluster Correction Statistics for SecureXL only. |
Example 1 - For all traffic
[Expert@Member1:0]# cphaprob corr Getting stats for SXL device 0, may take a few seconds... Cluster Correction Stats (All Traffic): ------------------------------------------------------ Sent packets: 156 (0 with metadata) Sent bytes: 34,568 Received packets: 0 (0 with metadata) Received bytes: 0 Send errors: 0 Receive errors: 0 Local asymmetric conns: 0 [Expert@Member1:0]# |
Example 2 - For CoreXL SND only
[Expert@Member1:0]# cphaprob -d corr Cluster Correction Stats (Dispatcher Corrections only): ------------------------------------------------------ Sent packets: 0 (0 with metadata) Sent bytes: 0 Received packets: 0 (0 with metadata) Received bytes: 0 Send errors: 0 Receive errors: 0 [Expert@Member1:0]# |
Example 3 - For CoreXL Firewall instances only
[Expert@Member1:0]# cphaprob -f corr Cluster Correction Stats (Firewall instances only):------------------------------------------------------ Sent packets: 156 (0 with metadata) Sent bytes: 34,568 Received packets: 0 (0 with metadata) Received bytes: 0 Send errors: 0 Receive errors: 0 Local asymmetric conns: 0 [Expert@Member1:0]# |
Example 4 - For SecureXL only
[Expert@Member1:0]# cphaprob -s corr Getting stats for SXL device 0, may take a few seconds... Cluster Correction Stats (SXL Devices only): ------------------------------------------------------ Sent packets: 0 (0 with metadata) Sent bytes: 0 Received packets: 0 (0 with metadata) Received bytes: 0 Send errors: 0 Receive errors: 0 Local asymmetric conns: 0 [Expert@Member1:0]# |