Viewing Cluster State

Description

This command monitors the cluster status (after you set up the cluster).

Syntax

Shell	Command
Gaia Clish	`set virtual-system <VSID>` `show cluster state`
Expert mode	`cphaprob [-vs <VSID>] state`

Example

Member1> show cluster state
 
Cluster Mode:   High Availability (Active Up) with IGMP Membership
 
ID         Unique Address  Assigned Load   State          Name
 
1 (local)  11.22.33.245    100%            ACTIVE(!)      Member1
2          11.22.33.246    0%              DOWN           Member2
 
 
Active PNOTEs: COREXL
 
Last member state change event:
   Event Code:                 CLUS-116505
   State change:               INIT -> ACTIVE(!)
   Reason for state change:    All other machines are dead (timeout), FULLSYNC PNOTE
   Event time:                 Sun Sep  8 15:28:39 2019
v Cluster failover count:
   Failover counter:           0
   Time of counter reset:      Sun Sep  8 15:28:21 2019 (reboot)
 
Member1>

Description of the "cphaprob state" command output fields:

Table: Description of the output fields
Field	Description
Cluster Mode	Can be one of these: Load Sharing (Multicast). Load Sharing (Unicast). High Availability (Primary Up). High Availability (Active Up). Virtual System Load Sharing For third-party clustering products: Service, refer to Clustering Definitions and Terms, for more information.
ID	In the High Availability mode - indicates the Cluster Member priority, as configured in the cluster object in SmartConsole. In Load Sharing mode - indicates the Cluster Member ID, as configured in the cluster object in SmartConsole.
Unique Address	Usually, shows the IP addresses of the Sync interfaces. In some cases, can show IP addresses of other cluster interfaces.
Assigned Load	In the ClusterXL High Availability mode - shows the Active Cluster Member with 100% load, and all other Standby Cluster Members with 0% load. In ClusterXL Load Sharing modes (Unicast and Multicast) - shows all Active Cluster Members with 100% load.
State	In the ClusterXL High Availability mode, only one Cluster Member in a fully-functioning cluster must be ACTIVE, and the other Cluster Members must be in the STANDBY state. In the ClusterXL Load Sharing modes (Unicast and Multicast), all Cluster Members in a fully-functioning cluster must be ACTIVE. In 3rd-party clustering configuration, all Cluster Members in a fully-functioning cluster must be ACTIVE. This is because this command only reports the status of the Full Synchronization process. See the summary table below.
Name	Shows the names of Cluster Members' objects as configured in SmartConsole.
Active PNOTEs	Shows the Critical Devices that report theirs states as "`problem`" (see Viewing Critical Devices).
Last member state change event	Shows information about the last time this Cluster Member changed its cluster state.
Event Code	Shows an event code. For information, see sk125152.
State change	Shows the previous cluster state and the new cluster state of this Cluster Member.
Reason for state change	Shows the reason why this Cluster Member changed its cluster state.
Event time	Shows the date and the time when this Cluster Member changed its cluster state.
Last cluster failover event	Shows information about the last time a cluster failover occurred.
Transition to new ACTIVE	Shows which Cluster Member became the new Active.
Reason	Shows the reason for the last cluster failover.
Event time	Shows the date and the time of the last cluster failover.
Cluster failover count	Shows information about the cluster failovers.
Failover counter	Shows the number of cluster failovers since the boot. Notes: This value survives reboot. This counter is synchronized between Cluster Members.
Time of counter reset	Shows the date and the time of the last counter reset, and the reset initiator.

When you examine the state of the Cluster Member, consider whether it forwards packets, and whether it has a problem that prevents it from forwarding packets. Each state reflects the result of a test on critical devices. This table shows the possible cluster states, and whether or not they represent a problem.

Table: Description of the cluster states
Cluster State	Description	Forwarding packets?	Is this state a problem?
ACTIVE	Everything is OK.	Yes	No
ACTIVE(!) ACTIVE(!F) ACTIVE(!P) ACTIVE(!FP)	A problem was detected, but the Cluster Member still forwards packets, because it is the only member in the cluster, or because there are no other Active members in the cluster. In any other situation, the state of the member is Down. `ACTIVE(!)` - See above. `ACTIVE(!F)` - See above. Cluster Member is in the freeze state. `ACTIVE(!P)` - See above. This is the Pivot Cluster Member in Load Sharing Unicast mode. `ACTIVE(!FP)` - See above. This is the Pivot Cluster Member in Load Sharing Unicast mode and it is in the freeze state.	Yes	Yes
DOWN	One of the Critical Devices reports its state as "`problem`" (see Viewing Critical Devices).	No	Yes
LOST	The peer Cluster Member lost connectivity to this local Cluster Member (for example, while the peer Cluster Member is rebooted).	No	Yes
READY	State Ready means that the Cluster Member recognizes itself as a part of the cluster and is literally ready to go into action, but, by design, something prevents it from taking action. Possible reasons that the Cluster Member is not yet Active include: Not all required software components were loaded and initialized yet and/or not all configuration steps finished successfully yet. Before a Cluster Member becomes Active, it sends a message to the rest of the Cluster Members, to check if it can become Active. In High Availability mode it checks if there is already an Active member and in Load Sharing Unicast mode it checks if there is a Pivot member already. The member remains in the Ready state until it receives the response from the rest of the Cluster Members and decides which, which state to choose next (Active, Standby, Pivot, or non-Pivot). Software installed on this Cluster Member has a higher version than all the other Cluster Members. For example, when a cluster is upgraded from one version of Check Point Security Gateway to another, and the Cluster Members have different versions of Check Point Security Gateway, the Cluster Members with the new version have the Ready state, and the Cluster Members with the previous version have the Active/Active Attention state. This applies only when the Multi-Version Cluster Mechanism is disabled (see Viewing the State of the Multi-Version Cluster Mechanism). See sk42096 for a solution.	No	No
STANDBY	Applies only to a High Availability mode. Means that the Cluster Member waits for an Active Cluster Member to fail in order to start packet forwarding.	No	No
BACKUP	Applies only to a VSX Cluster in Virtual System Load Sharing mode with three or more Cluster Members configured. State of a Virtual System on a third (and so on) VSX Cluster Member.	No	No
INIT	The Cluster Member is in the phase after the boot and until the Full Sync completes.	No	No