Sample VSX NGX R65 and VRRP configuration
Issue/Introduction:
Sample VSX NGX R65 and VRRP configurationN/A
Cause:
The following solution describes the steps for a DBHA / VSX configuration without dynamic routing.
Resolution:
The configuration example has been created based on XOS 9.5 and VSX NGX R65
The VSX cluster topology is as follows
|
1. Two XOS chassis need to be configured and VRRP must be activated: Chassis A: system-identifier 1 system-internal-network 1.1.0.0 255.255.0.0 # remote-box 2 1.1.2.20 192.168.128.181 ... management gigabitethernet 13/1 ip-addr 192.168.128.83/24 192.168.128.255 enable access-list 1 input access-list 1 output Chassis B: system-identifier 2 system-internal-network 1.1.0.0 255.255.0.0 # remote-box 1 1.1.1.20 192.168.128.83 ... management gigabitethernet 13/1 ip-addr 192.168.128.181/24 192.168.128.255 enable access-list 1 input access-list 1 output 2. Configure VSX vap-group on both chassis: vap-group vsx xslinux_v3 vap-count 3 max-load-count 3 no rp-filter ap-list ap1 ap2 ap3 ap4 ap5 ap6 ap7 ap8 ap9 ap10 load-balance-vap-list 1 2 3 ip-forwarding ip-flow-rule vsx_default_vsx action load-balance activate 3. Configure management and sync network on both chassis (please update as needed based on the number of required VAPs): Note: management circuit is IP-less as IP will be provided when installing the application Chassis A: circuit mgmt circuit-id 1025 device-name mgmt vap-group vsx ip-forwarding management-circuit - Check Point synchronization circuit circuit sync circuit-id 1026 device-name sync link-state-resistant vap-group vsx ip-forwarding management-circuit ip 172.17.15.9 255.255.255.248 172.17.15.15 increment-per-vap 172.17.15.11 - Assign circuits to physical interfaces interface gigabitethernet 1/2 logical mgmt circuit mgmt interface gigabitethernet 2/1 logical sync circuit sync Chassis B: circuit mgmt circuit-id 1025 device-name mgmt vap-group vsx ip-forwarding management-circuit - Check Point synchronization circuit circuit sync circuit-id 1026 device-name sync link-state-resistant vap-group vsx ip-forwarding management-circuit ip 172.17.15.12 255.255.255.248 172.17.15.15 increment-per-vap 172.17.15.14 - Assign circuits to physical interfaces interface gigabitethernet 1/2 logical mgmt circuit mgmt interface gigabitethernet 2/1 logical sync circuit sync 4. Configure customer interfaces on both chassis: circuit intranet circuit-id 1027 device-name inta vap-group vsx circuit internet circuit-id 1028 device-name inte vap-group vsx interface gigabitethernet 1/5 logical inta circuit inta interface gigabitethernet 1/6 logical inte circuit inte 5. Configure VRRP statements on both chassis: Chassis A: vrrp failover-group vsx failover-group-id 1 priority 250 virtual-router vrrp-id 1 circuit inta backup-stay-up mac-usage vrrp-mac vap-group vsx virtual-router vrrp-id 2 circuit inte backup-stay-up mac-usage vrrp-mac vap-group vsx Chassis B: vrrp failover-group vsx failover-group-id 1 priority 200 virtual-router vrrp-id 1 circuit inta backup-stay-up mac-usage vrrp-mac vap-group vsx virtual-router vrrp-id 2 circuit inte backup-stay-up mac-usage vrrp-mac vap-group vsx 6. Install VSX application on both chassis on each VAP group and reload the VAP groups. 7. When the VAP groups have been reloaded, start the CP management GUI and create your VSX cluster. "Crossbeam Systems" must be selected as Cluster Platform. 8. As soon as the cluster is working, you can start provisioning the system. Virtual systems and circuits will be created automatically in Crossbeam XOS configuration. |