Technical data

Introduction to VSX Clusters

Check Point VSX Administration Guide NGX R67 | 84

VSX Cluster Architecture

VSX IP address allocation is similar to physical networks. Both real and virtual IP addresses are required for

network connectivity (internal and external), management, and state synchronization.

VSX simplifies the IP address management task by automatically assigning IP addresses to Warp Links

between virtual devices. For example, Warp Links between a Virtual Router and its associated Virtual

Systems are created automatically and assigned IP addresses without user intervention.

A VSX cluster network contains the following components:

 Synchronization Network

 Internal Communications Network

 Virtual IP addresses

Synchronization Network

The synchronization network is a physical network that carries state synchronization data between cluster

members. You configure the synchronization network during the initial VSX cluster definition and can make

changes as necessary when adding or removing members.

State Synchronization can be used ClusterXL deployments as well as other OPSEC-certified VSX solutions.

The synchronization network must be configured using unique IP addresses that are not used anywhere

else in the enterprise network.

Internal Communication Network

The internal communication network is a virtual network that is required for Check Point ClusterXL

environments in addition to the synchronization network. The internal communication network is invisible to

external networks and enables cluster members to communicate and recognize the state of the

environment.

VSX assigns an IP address to the internal communication network is assigned during the cluster creation

process, eliminating the need to manually assign an IP addresses to each cluster member. The default IP

address range consists of four class C networks:

IP address: 192.168.196.0

Net mask: 255.255.252.0

You can modify the default IP address using Properties > Cluster members page of the VSX cluster

object, but only before creating Virtual Systems. Once Virtual Systems have been created, the IP range of

the internal communication network cannot be modified.

Note - To avoid overlapping IP addresses, before creating any Virtual

Devices, make sure the default IP address range of the Internal

Communication network is not used anywhere else in the external

network.

Virtual IP Addresses

Cluster (virtual) IP addresses are the only IP addresses visible to the external network. The assigned cluster

IP addresses must correspond to the directly-connected subnet and server as a valid next hop address.

These IP addresses are similar to virtual addresses configured across traditional cluster setups.