ClusterXL – New HA mode

Posted on February 28, 2013

This is just a quick note to myself for fast recall of how ClusterXL works :-)
There are 4 ClusterXL modes:
- Load Sharing Multicast Mode
- Load Sharing Unicast Mode
- New High Availability Mode -> This is the mode examined here.
- High Availability Legacy Mode

Sniffed packets

Command used:
# tcpdump -i bond1 -evvxn udp port 8116

13:24:40.487490 00:00:00:00:fe:01 > 01:00:5e:18:0c:01, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 69) 0.0.0.0.cp-cluster > 172.24.12.0.cp-cluster: [udp sum ok] UDP, length 41
        0x0000:  4500 0045 0000 0000 ff11 0390 0000 0000
        0x0010:  ac18 0c00 1fb4 1fb4 0031 3511 1a90 08a3
        0x0020:  464f 0001 0012 0efb 0001 fffe 4e52 0000
        0x0030:  000a 0001 0002 0003 0004 0000 0402 0400
        0x0040:  0400 0002 00
13:24:40.831417 00:00:00:00:fe:00 > 01:00:5e:18:0c:01, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 69) 0.0.0.0.cp-cluster > 172.24.12.0.cp-cluster: [udp sum ok] UDP, length 41
        0x0000:  4500 0045 0000 0000 ff11 0390 0000 0000
        0x0010:  ac18 0c00 1fb4 1fb4 0031 c065 1a90 08a3
        0x0020:  464f 0001 0012 7fa9 0000 fffe 4e52 0000
        0x0030:  000a 0001 0002 0003 0004 0000 0402 0400
        0x0040:  0400 0000 04

Destination MAC
The destination MAC is a multicast MAC. See the prefix “01:00:5e:” in the destination MAC.
Source:
http://de.wikipedia.org/wiki/Multicast

Example from sniffer: 01:00:5e:18:0c:01

Source MAC
Cluster members communicate with each other using the Cluster Control Protocol (CCP). CCP packets are distinguished from ordinary network traffic by giving CCP packets a unique source MAC address.
– The first four bytes of the source MAC address are all zero: 00.00.00.00
– The fifth byte of the source MAC address is a magic number. Its value indicates the packet's purpose:

Default value of fifth byte | Purpose
----------------------------|-------------------------
0xfe                        | CCP traffic
0xfd                        | Forwarding layer traffic

– The sixth byte is the ID of the sending cluster member (see 00 or 01 in the source MACs above)

Example from sniffer: 00:00:00:00:fe:01

Source and Destination IP
The source IP is all zeros and the destination IP is a network address:
Example from sniffer: 0.0.0.0.8116 > 172.24.12.0.8116
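
An added example (not code from the original post): a small Python parser for the text output of the tcpdump command above that applies the checks from the Destination MAC, Source MAC and IP sections to each packet. The function names and the `unexpected` flag are assumptions of this example; the sample input is the first packet of the capture above.

```python
import re
import socket
import struct

PURPOSE = {0xFE: "CCP traffic", 0xFD: "Forwarding layer traffic"}  # table above
MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
HEADER = re.compile(r"^\S+ " + MAC + " > " + MAC + ",")
HEXLINE = re.compile(r"^\s+0x[0-9a-f]{4}:\s+([0-9a-f ]+)$")

def parse_capture(text):
    """Return one dict per IPv4/UDP packet in `tcpdump -e -x` text output."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            packets.append({"src": m.group(1), "dst": m.group(2), "hex": ""})
        elif packets and (h := HEXLINE.match(line)):
            packets[-1]["hex"] += h.group(1).replace(" ", "")
    # 56 hex digits = 20-byte IP header + 8-byte UDP header; skip shorter dumps.
    return [describe(p) for p in packets if len(p["hex"]) >= 56]

def describe(pkt):
    src = bytes.fromhex(pkt["src"].replace(":", ""))
    dst = bytes.fromhex(pkt["dst"].replace(":", ""))
    ip = bytes.fromhex(pkt["hex"])   # -x dumps from the IP header onward
    ihl = (ip[0] & 0x0F) * 4         # IP header length in bytes
    sport, dport, udp_len = struct.unpack("!HHH", ip[ihl:ihl + 6])
    ccp_like = src[:4] == bytes(4) and src[4] in PURPOSE
    return {
        "purpose": PURPOSE[src[4]] if ccp_like else None,
        "member_id": src[5] if ccp_like else None,
        "dst_is_ipv4_multicast_mac": dst[:3] == b"\x01\x00\x5e" and dst[3] < 0x80,
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport, "payload_len": udp_len - 8,
        # Port 8116 without the CCP source-MAC pattern is worth a closer look.
        "unexpected": dport == 8116 and not ccp_like,
    }

# Sample input: first packet of the capture above, copied from the page.
SAMPLE = """
13:24:40.487490 00:00:00:00:fe:01 > 01:00:5e:18:0c:01, ethertype IPv4 (0x0800), length 83: (tos 0x0, ttl 255, id 0, offset 0, flags [none], proto: UDP (17), length: 69) 0.0.0.0.cp-cluster > 172.24.12.0.cp-cluster: [udp sum ok] UDP, length 41
        0x0000:  4500 0045 0000 0000 ff11 0390 0000 0000
        0x0010:  ac18 0c00 1fb4 1fb4 0031 3511 1a90 08a3
        0x0020:  464f 0001 0012 0efb 0001 fffe 4e52 0000
        0x0030:  000a 0001 0002 0003 0004 0000 0402 0400
        0x0040:  0400 0002 00
"""
if __name__ == "__main__":
    print(parse_capture(SAMPLE))
```

For the sample packet this reports member ID 1, CCP traffic, UDP 8116 on both sides and a 41-byte payload, matching the tcpdump summary line.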

Virtual IP
The Virtual IP uses the physical MAC of the active member. What happens if that member fails? Does the other unit send a gratuitous ARP with the new MAC, or what?

More information is in the ClusterXL administration guide.

Troubleshooting notes

The ClusterXL status-check commands are listed at the link below:
https://itsecworks.wordpress.com/2010/11/25/checkpoint-and-ipso-useful-commands/

ClusterXL debugging start:

1.
# fw ctl debug -x
or
# fw ctl debug 0
2.
# fw ctl debug -buf 4096
3.
# fw ctl debug -m cluster all
or just
# fw ctl debug -m cluster + timer
4.
# fw ctl kdebug -T -f > clusterxl_deb.txt

ClusterXL debugging stop:

1.
[ctrl + c]
2.
# fw ctl debug -x
or
# fw ctl debug 0

Example of stopping debugging (defaulting or disabling? I would disable all):

[Expert@inwcfw01a57-zug]# fw ctl debug 0
Defaulting all kernel debugging options
[Expert@inwcfw01a57-zug]# fw ctl debug -x
Disabling all kernel debugging options

More info:
http://www.checkpoint.com/services/enterprise/docs/Troubleshooting_and_Debugging.pdf
