
Re: FW: [FW1] Multicast MAC question on Stonebeat fullcluster




More or less, no.  When you statically define the multicast mac in the
cam, the switch will allow the frame to reach all ports/trunks that
contain a static entry for the multicast address.

Depending on how the trunks are configured in your mesh, trunk port 2 will
enter into blocking mode provided trunk port 1 is active/forwarding.  All
frames that belong on VLANs permitted across the trunk will traverse
(provided there is no local mac address mapping in the cam for a local
port -- this was explicitly permitted for the fullcluster when you
statically mapped the multicast mac on the trunk port, however).

In either case, this configuration will disperse all frames to the
multicast MAC/unicast IP regardless of which node in the cluster responds
to the frame.  If Stonebeat instructs node 1 to receive all traffic for a
particular session, node 2 receives the traffic, but will discard it.

Peter Lukas

- I imagine that this is drifting off-topic.  Perhaps the fine folks at
  Stonesoft wouldn't mind setting up a mailing list of their own.

On Tue, 16 Jan 2001, Wales, Holly wrote:

> > We are using Stonebeat FullCluster version 2, sp1b.
> > Just got it up and working in a very basic state, but not fully utilized.
> > For this discussion, the Cisco 6509's each have a MSFC module for routing
> > purposes.
> > FW1 and FW2 are part of the same VLAN.  Currently, we have FW1 and FW2
> > both on C3 and we are wanting to move FW2 to C4 so that it matches the
> > diagram below.  We currently have a static multicast mac address defined
> > in the CAM tables of C3 with a static route in the route module that
> > points all traffic to network X through the firewall's virtual IP unicast
> > cluster address.
> > 
> (note. I am not using IGMP)
> > We want to go to the configuration below and define statically the
> > multicast mac address in both C3 and C4 for the port that the firewalls
> > are connected to and for the trunk port between C3 and C4.  I am planning
> > on defining a static route in both C3 and C4 with the metric on C4 lower
> > and redistributed that into EIGRP.  So, I'm not really worried about the
> > routing but I am worried about the switching part of this.  For this to
> > work properly, if a packet destined for network X comes into C3, the
> > static route tells it to get to network X through the virtual unicast IP
> > address.  The virtual IP unicast address has a multicast mac address
> > statically mapped in the CAM table of the C3 switch for ports 1 and 2.
> > Likewise, C4 also has the multicast mac address statically configured in
> > the CAM tables for ports 1 and 2.  Does anyone know if ports 2 on the
> > trunk between the 6509 switches will ping-pong frames back and forth?
> > 
> >               Outer World
> >             /             \
> >  _________ /               \ _________
> > |         |                 |         |
> > |   C1    |                 |   C2    |
> > |  6509   |                 |  6509   |
> > |_________|                 |_________|
> >      |      \             /      |
> >      |         \       /         |
> >      |            \ /            |
> >      |            / \            |
> >      |         /       \         |
> >  ____|____  /             \  ____|____
> > |         |                 |         |
> > |   C3    |                 |   C4    |
> > |  6509   |      trunk      |  6509   |
> > |__1___2__|=================|__2___1__|
> >    |                               |
> >    |                               |
> >    |                               |
> >  __|______    (unicast IP)   ______|__
> > |         | cluster address |         |
> > |   FW1   |                 |   FW2   |
> > |         |                 |         |
> > |_________|                 |_________|
> >      |                           |
> > ---------------------------------------
> >                    |
> >               (network X)
> > 
> > 
> > 
> > 
> > Holly Wales
> > Lockheed Martin
> 
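
The forwarding behaviour discussed in this thread, as an added example that is not part of the original messages: a toy Python model of the two switches with the static CAM entries on port 1 (firewall) and port 2 (trunk). It assumes the standard bridge rule that a frame is never sent back out the port it arrived on; the MAC value and the `msfc` ingress port name are constructed placeholders.

```python
from collections import deque

CLUSTER_MAC = "01:00:5e:11:22:33"   # constructed placeholder, not from the thread

# Static CAM entries as described in the thread: port 1 (firewall), port 2 (trunk).
STATIC_CAM = {
    "C3": {CLUSTER_MAC: {1, 2}},
    "C4": {CLUSTER_MAC: {1, 2}},
}
# Wiring from the diagram: (switch, port) -> attached host or peer (switch, port).
LINKS = {
    ("C3", 1): "FW1",
    ("C4", 1): "FW2",
    ("C3", 2): ("C4", 2),
    ("C4", 2): ("C3", 2),
}

def deliver(switch, ingress, dst_mac, exclude_ingress=True, max_hops=16):
    """Return (hosts that received the frame, number of trunk crossings).

    Only static entries are modelled; flooding of unknown MACs is not.
    max_hops stops the walk if the frame keeps bouncing across the trunk.
    """
    received, crossings = [], 0
    queue = deque([(switch, ingress)])
    while queue and crossings < max_hops:
        sw, in_port = queue.popleft()
        egress = set(STATIC_CAM[sw].get(dst_mac, ()))
        if exclude_ingress:
            egress.discard(in_port)   # never forward out the arrival port
        for port in sorted(egress):
            peer = LINKS[(sw, port)]
            if isinstance(peer, tuple):
                crossings += 1        # frame crosses the C3-C4 trunk
                queue.append(peer)
            else:
                received.append(peer)
    return received, crossings

if __name__ == "__main__":
    # Routed frame entering C3 from its routing module (hypothetical port name).
    print(deliver("C3", "msfc", CLUSTER_MAC))
    # Same frame if the arrival port were not excluded: bounces until max_hops.
    print(deliver("C3", "msfc", CLUSTER_MAC, exclude_ingress=False))
```

With the rule in place both firewalls get one copy and the trunk is crossed once; which node acts on the frame is then the cluster software's decision, as the reply describes.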


