High Availability Slowing Down Network

mnutriaji · #1 (**permalink**) 2007-06-07

Hi everyone

need help on High Availability...
I installed Secureplatform R62 in 2 firewall modules(HA-1 and HA-2). I glued them together as New Mode High AVailabilty.
I enabled the State Synchronization and priority to HA-1.

currently iam using single module (no HA configuration), everything works fine. Using bandwidth meter, measurement for inter LAN segmen in firewall can reach up to 90 Mbps.

But, when i applied the HA modules as the replacement of single mode, network performance dropped 50%. The measurement using the bandwidth meter reach up to 40 Mbps only. It is felt by user as well.

I checked in Tracker, everything is fine. Suing command cpstat ha and cphaprob state, everything is OK.
Each firewall port and switch port i set to manual : Full duplex, and speed 10/100.

Is anyone ever experience this? is it possible HA cause this? are there any way i can troubleshoot tis case?

thanks a lot in advance

marendra

melipla · #2 (**permalink**) 2007-06-07

Are you using new hardware for the HA cluster? I'm assuming the CP version is staying the same, given that no new features (like SD or any SSs) are enabled the cluster shouldn't perform slower then the single gw. I find it out that you manually set the speed / duplex on every interface. Do any of the firewall ports or switch ports list any errors? Does the performance remain bad if you stop HA and test through the active gw?

chillyjim · #3 (**permalink**) 2007-06-07

Try to use pivot/unicast/whatever its called mode (The one that's not new mode). Some switches have a hard time with the multi-cast

melipla · #4 (**permalink**) 2007-06-07

Quote:

Originally Posted by chillyjim

Try to use pivot/unicast/whatever its called mode (The one that's not new mode). Some switches have a hard time with the multi-cast

I think Chillyjim is referring to this CP command:
cphaprob set_ccp broadcast
(to change back, use multicast instead of broadcast)

chillyjim · #5 (**permalink**) 2007-06-07

Actually I was thinking of clicking the radio button in the cluster object->clusterxl screen.

mnutriaji · #6 (**permalink**) 2007-06-08

Quote:

Originally Posted by melipla

I think Chillyjim is referring to this CP command:
cphaprob set_ccp broadcast
(to change back, use multicast instead of broadcast)

do you mean cphaconf set_ccp broadcast/multicast ?
chillyjim, which radio button you're referring to? legacy mode?

thanks

marendra

chillyjim · #7 (**permalink**) 2007-06-10

Quote:

Originally Posted by mnutriaji

chillyjim, which radio button you're referring to? legacy mode?

That sound right

mnutriaji · #8 (**permalink**) 2007-06-26

Phew, Finally
All my HAs are working. But in still i dont know why if the traffic going through trunking, all the network performance that goes thourh firewall cut down to 50%.

My solution are not using trunking at all. and it works

Anyone ever experience any6thing like this before ?

thanks you all for your help

thanks

marendra

melipla · #9 (**permalink**) 2007-06-27

Quote:

Originally Posted by mnutriaji

if the traffic going through trunking, all the network performance that goes thourh firewall cut down to 50%.

Can you explain a little more on how you came to this conclusion?

Would it affect all traffic passing through the firewall or only packets passing through the trunk port(s)?

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode