Skip to main content

VRRP or ClusterXL in GAIA?

 VRRP or ClusterXL in GAIA?

VRRP:

Pros:
1. Single virtual MAC floats between cluster members, depending on which is Master; By Default.
2. Doesn't care about CoreXL or other physical differences between cluster members. But why would you have differently sized cluster members you cheap bast**d? :)


Cons:
1. Decision is per interface.. Am I master or backup, one interface at a time; potential for split brain.
2. No Health checking of the cluster peer(s).
3. If same VRRP ID is used on all interfaces, potential to confuse switch when multiple firewall interfaces connected to same switch; multiple VLANs using same VRRP MAC.
4. Default VRRP MAC is still effected by IGMP, same as ClusterXL CCP multicast mode. VRRP hello packets are transmited using the VRRP MAC as the destination.
5. Only the Master node transmits Hello packets. No status of backup cluster member, VRRP interfaces must be monitored individually to discern if layer 2 connectivity problem exists on one or more interfaces.


ClusterXL:

Pros:
1. Health checks peer on every physical interface
2. Unified interface failover; no chance of split brain
3. Monitors policy, daemons etc.

Cons:
1. Magic Numbers(ClusterXL CCP source MACs) have to be adjusted manually when multple clusters share a VLAN/subnet, or risk instability.
2. HA New mode uses physical MAC of Active member, by default (VMAC mode now enable via R76 SmartDashboard [R76 GAIA only])


ClusterXL is more robust than VRRP in it's monitoring of peer nodes and failover. ClusterXL VMAC addresses the main problem with ClusterXL.

Comments

  1. It could not have been more helpful than reading honest pros and cons of it. sometimes one can not decide or know it on their own and i am glad that this post existed

    ReplyDelete

Post a Comment

Popular posts from this blog

Download IOS Image for Router

tcpdumps in Checkpoint Firewall