[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Multicast MAC problem on Stonebeat fullcluster
You need to enable the multicast mac to traverse your switches and trunk links. This can be done either with IGMP snooping (consult your alteon docs) or with a static multicast mapping on all poprts to which firewalls are connected as well as the trunk links between your switches. The flooding is essentially the nature of the beast. Without it, all firewalls participating in the cluster would not receive the multicast datagrams as they cross the switch to the firewalls. You can restrict it by doing some form of the above. This does however, pose limitations on the overall throughput of the firewall cluster as the maximum will never exceed the capacity of a single interface. Peter Lukas On Thu, 11 Jan 2001, Sync Sync wrote: > > > > Hi all, > > I have two solaris FW1 4.1 running clustering with Stonebeat Fullcluster > 1.0 SP4. > I follow the stonebeat maunal and configure the shared gateway (both ext > and int ) IP address with a multicast MAC address. > > the network diagram look like this: > Internet > / \ > cisco router cisco router > |\ /| > | \ / | > | \ / | > | / \ | > alteon ---alteon > |\ / | > | \ / | > | \ / | > | \/ | > | /\ | > | / \ | > FW1 -- FW1 > | | > | | > 2924 -- 2924 > | | > NAT NAT > LAN LAN > > Now the problem is flooding... all multicast traffic flood the alteons and > other switches.. how can i avoid that? the stonebeat manual said enable > sending IGMP report in the firewall node can avoid this, but I don't know > how to enable it. > > any suggestion? > > Thanks > > Ben > > > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|