It is recommended that Check Point sync interface has a second interface using the redundancy interface feature of XOS.It is recommended that Check Point sync interface has a second interface using the redundancy interface feature of XOS.
To document the best practice when configuring physical interfaces for Check Point sync circuit.
It is recommended that Check Point sync interface has a second interface configured using the redundancy interface feature of XOS:
ip 192.168.255.1/24 192.168.255.255 increment-per-vap 192.168.255.2
It is recommended NOT to use group-interface (LACP) for Check Point synchronization. Check Point synchronization traffic mainly uses only 2 IP addresses - the source 0.0.0.0 and the synchronization network broadcast address as the destination (192.168.255.255 in the above example). This traffic is considered a single flow and as such cannot be distributed over multiple physical links. It must be transmitted over a single interface and there is no benefit in using LACP.
When LACP is configured for sync, there is even a potential performance degradation issue if the neighbor switch selects another link in the bundle to transmit the sync traffic than X-series. Such scenario leads to flow reclassification on the NPM and may cause sync issues on the cluster members.
Imported Document ID: 000019563
Subscribing will provide email updates when this Article is updated. Login is required.