Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Multicast MAC problem on Stonebeat fullcluster

To: Sync Sync <[email protected]>
Subject: Re: [FW1] Multicast MAC problem on Stonebeat fullcluster
From: Peter Lukas <[email protected]>
Date: Thu, 11 Jan 2001 08:12:26 -0600 (CST)
Cc: [email protected]
In-reply-to: <Pine.GSO.3.538.2421C-100000@loghost>
Sender: [email protected]

You need to enable the multicast mac to traverse your switches and trunk
links.  This can be done either with IGMP snooping (consult your alteon
docs) or with a static multicast mapping on all poprts to which firewalls
are connected as well as the trunk links between your switches.

The flooding is essentially the nature of the beast.  Without it, all
firewalls participating in the cluster would not receive the
multicast datagrams as they cross the switch to the firewalls.  You can
restrict it by doing some form of the above.  This does however, pose
limitations on the overall throughput of the firewall cluster as the
maximum will never exceed the capacity of a single interface.

Peter Lukas

On Thu, 11 Jan 2001, Sync Sync wrote:

> 
> 
> 
> Hi all,
> 
> I have two solaris FW1 4.1 running clustering with Stonebeat Fullcluster
> 1.0 SP4.
> I follow the stonebeat maunal and configure the shared gateway (both ext
> and int ) IP address with a multicast MAC address.
> 
> the network diagram look like this:
>           Internet
>           /      \
>    cisco router  cisco router
>          |\     /|   
>          | \   / |
>          |  \ /  |
>          |  / \  |
>      alteon ---alteon
>        |\      / |
>        | \    /  |
>        |  \  /   |
>        |   \/    |
>        |   /\    |
>        |  /  \   |
>        FW1 -- FW1
>        |       |
>        |       |
>      2924 --  2924
>        |       |
>      NAT      NAT
>      LAN      LAN
> 
> Now the problem is flooding... all multicast traffic flood the alteons and
> other switches.. how can i avoid that? the stonebeat manual said enable
> sending IGMP report in the firewall node can avoid this, but I don't know
> how to enable it.
> 
> any suggestion?
> 
> Thanks
> 
> Ben
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Multicast MAC problem on Stonebeat fullcluster
  - From: Sync Sync <[email protected]>

Prev by Date: RE: [FW1] Migrating FW1 4.1 to a new server
Next by Date: RE: [FW1] Checkpoint Experience Conference 2001
Previous by thread: [FW1] Multicast MAC problem on Stonebeat fullcluster
Next by thread: [FW1] Automatic NAT question
Index(es):
- Date
- Thread