CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 5 of 5

Thread: vPC with VSX R77.30

  1. #1
    Join Date
    2016-10-31
    Posts
    53
    Rep Power
    4

    Default vPC with VSX R77.30

    Hi Guys,

    I am looking for your expert advise .
    We are migrating our Checkpoint R77.10 on to R77.10 and also we are migrating 6500 Core Switch network on N9K .The N9K going to be configured with vPC.The firewalls vlans are going to be part of the vPC domain.The ClusterXL going to be set Multicast.
    Do you see any challenge which can caused mac-address or interface flap issue if we vlans/ports are part of the vPC ?

  2. #2
    Join Date
    2017-03-17
    Posts
    8
    Rep Power
    0

    Default Re: vPC with VSX R77.30

    I don't think you will get an issue, vPC support multicast. I've seen an issue with L3 multicast but not with L2 and it was in 5K's not in 9K's.
    As a workaround (it's a botched job), you can connect another cable between Nexus boxes and use vlans with multicast going through that link and vPC vlans through the peer link.

  3. #3
    Join Date
    2016-10-31
    Posts
    53
    Rep Power
    4

    Default Re: vPC with VSX R77.30

    Hi Guys,

    I have hit this issue if vlans are part of the vPC domain then both firewall not able to listen CCP packet and If I remove the vlan from vPC the firewall works OK.We dis not get chance to collect enough debug from switch so we had to set CCP mode to broadcast to make it working.
    I guess I need to remove the vlan from vPC or add static multicast mac address on switch cam table ?
    Has anyone come across with this situation ?
    I am going to raise TAC case with CISCO.

  4. #4
    Join Date
    2013-09-25
    Location
    Bucharest
    Posts
    649
    Rep Power
    7

    Default Re: vPC with VSX R77.30

    Quote Originally Posted by ba3113 View Post
    Hi Guys,

    I have hit this issue if vlans are part of the vPC domain then both firewall not able to listen CCP packet and If I remove the vlan from vPC the firewall works OK.We dis not get chance to collect enough debug from switch so we had to set CCP mode to broadcast to make it working.
    I guess I need to remove the vlan from vPC or add static multicast mac address on switch cam table ?
    Has anyone come across with this situation ?
    I am going to raise TAC case with CISCO.
    What's the outcome here? And why would you aim for CCP on multicast, rather than broadcast?

  5. #5
    Join Date
    2016-10-31
    Posts
    53
    Rep Power
    4

    Default Re: vPC with VSX R77.30

    Quote Originally Posted by laf_c View Post
    What's the outcome here? And why would you aim for CCP on multicast, rather than broadcast?
    Multicast is more efficient compare to broadcast.

    We are still working with Cisco to identify the problem.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •