Introduction to VSX Clusters
Check Point VSX Administration Guide NGX R67 | 90
Failure Recovery
When the failed cluster member or Virtual System comes back online, the system returns to its original load
sharing configuration.
Bridge Mode
By implementing native layer-2 bridging instead of IP routing, you can add Virtual Systems without adversely
affecting the existing IP structure.
When in the Bridge mode, Virtual System interfaces do not require IP addresses. You can optionally assign
an IP address to the Virtual System itself (not the interfaces) to enable layer-3 monitoring, which provides
network fault detection functionality.
VSX supports the following Bridge mode models:
STP Bridge Mode: Provides redundancy while preventing undesirable loops between redundant switches.
Active/Standby Bridge Mode: Provides path redundancy and loop prevention, while offering seamless support for Virtual System Load Sharing and overcoming many of the limitations of STP.
Spanning Tree Protocol (STP) Bridge Mode
The Spanning Tree Protocol is an industry standard technology designed to prevent loops in high-speed
switched networks. To use the STP Bridge mode, you must have STP deployed and properly configured on
your network. VSX supports the following STP layer-2 protocols:
802.1q
802.1D
802.1s
802.1w
PVST+
Deploying and configuring STP on your network hardware is beyond the scope of this document. Please
refer to your hardware documentation for assistance.
Active/Standby Bridge Mode
The Active/Standby Bridge mode enhances both High Availability and Virtual System Load Sharing in VSX
clustered environments. By eliminating many disadvantages associated with the Spanning Tree Protocol
(STP) bridge mode, Active/Standby Bridge mode provides significant improvements in High Availability
deployments, while supporting Virtual System Load Sharing (VSLS).
Active/Standby Bridge mode offers the following advantages:
Instantaneous failover
Enhanced administrator control over bridge failover
VSLS support
VLAN translation
The principal limitation of the Active/Standby bridge mode is that it breaks the STP tree structure.
Note - When configuring a Virtual System in the Active/Standby Bridge
Mode, you should remove Virtual System VLANs from the STP
database in the switches. This action prevents delays due to trunk
interface failback.
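
A check for the note above, added here as an example and not taken from the Check Point guide: it reports which Virtual System VLANs a switch still runs STP for. It assumes IOS-style switches on which VLANs are taken out of spanning tree with a global "no spanning-tree vlan <list>" line; the sample configuration, the VLAN numbers and the function names are constructed for illustration.

```python
import re

# Constructed sample: fragment of an IOS-style running configuration (assumption).
SAMPLE_SWITCH_CONFIG = """\
spanning-tree mode rapid-pvst
no spanning-tree vlan 100,110-112
!
interface GigabitEthernet0/1
 description trunk to VSX member 1
 switchport mode trunk
 switchport trunk allowed vlan 100,110-113,200
"""


def expand_vlan_list(spec):
    """Expand a VLAN list such as '100,110-112' into a set of ints."""
    vlans = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            continue
        low, _, high = part.partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def stp_disabled_vlans(config_text):
    """Collect every VLAN named in a global 'no spanning-tree vlan' line."""
    disabled = set()
    for line in config_text.splitlines():
        match = re.fullmatch(r"no spanning-tree vlan ([\d,\- ]+)", line.strip())
        if match:
            disabled |= expand_vlan_list(match.group(1))
    return disabled


def vlans_still_in_stp(config_text, virtual_system_vlans):
    """Return the Virtual System VLANs the switch still runs STP for."""
    return sorted(set(virtual_system_vlans) - stp_disabled_vlans(config_text))


if __name__ == "__main__":
    # Hypothetical VLANs bridged by Active/Standby Bridge mode Virtual Systems.
    vs_vlans = [100, 110, 111, 112, 113]
    leftover = vlans_still_in_stp(SAMPLE_SWITCH_CONFIG, vs_vlans)
    print("Virtual System VLANs still in STP:", leftover or "none")
```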