Check Point VSX Administration Guide NGX R67 | 82
Chapter 5
Introduction to VSX Clusters
This chapter presents a conceptual overview of VSX cluster deployments, with emphasis on clustering
features and their application. This discussion assumes that the reader is familiar with network cluster
applications and environments, particularly ClusterXL.
The Cluster Management chapter ("Managing VSX Clusters" on page 93) provides detailed configuration
procedures, including instructions for enabling and using all VSX clustering features. For more about Check
Point ClusterXL features and functionality, see the R75.20 ClusterXL Administration Guide
(http://supportcontent.checkpoint.com/documentation_download?ID=12265).
In This Chapter
VSX Clustering Overview 82
Planning a Cluster Deployment 83
VSX High Availability 85
Virtual System Load Sharing (VSLS) 86
Bridge Mode 90
Using Virtual Switches in a Cluster 92
VSX Clustering Overview
VSX clusters provide redundancy and load sharing features for Virtual Systems and other virtual devices. A
VSX cluster consists of two or more identical, interconnected VSX gateways that ensure continuous data
synchronization.
VSX high availability ensures continuous operation by means of transparent gateway or Virtual System
failover. Virtual System Load Sharing (VSLS) enhances system performance by distributing active Virtual
Systems amongst cluster members.
The advantages of using clusters in a VSX environment include:
- Transparent failover in case of gateway or Virtual System failure
- State synchronization ensures zero downtime for mission-critical environments
- Load sharing maintains system throughput during peak demand
- Enhanced scalability for future traffic growth
Physical Clusters
VSX clustering is based on Check Point ClusterXL concepts. This section reviews these concepts, and then
demonstrates how these principles apply to VSX virtualization.
In a typical Security Gateway deployment, a cluster consists of two or more identical, interconnected physical
Security Gateways that provide redundancy and/or load sharing. This cluster behaves as a single Security
Gateway and is assigned its own IP address, which is known as its cluster IP or virtual IP. This cluster IP
address is distinct from the physical IP addresses of its cluster members, which are hidden from the
networks connected to the cluster.
Traffic from external networks or the Internet directed to the internal networks arrives at the external cluster
IP address. Depending on the clustering mode (high availability or load sharing), a designated cluster
member receives the traffic and performs the required inspection. Following inspection, traffic is either sent
to its destination on the internal network, or dropped.