Re: [FW1] Multicast MAC problem on Stonebeat fullcluster

Thu, 11 Jan 2001 06:16:53 -0800 


You need to enable the multicast mac to traverse your switches and trunk
links.  This can be done either with IGMP snooping (consult your alteon
docs) or with a static multicast mapping on all poprts to which firewalls
are connected as well as the trunk links between your switches.

The flooding is essentially the nature of the beast.  Without it, all
firewalls participating in the cluster would not receive the
multicast datagrams as they cross the switch to the firewalls.  You can
restrict it by doing some form of the above.  This does however, pose
limitations on the overall throughput of the firewall cluster as the
maximum will never exceed the capacity of a single interface.

Peter Lukas

On Thu, 11 Jan 2001, Sync Sync wrote:

> 
> 
> 
> Hi all,
> 
> I have two solaris FW1 4.1 running clustering with Stonebeat Fullcluster
> 1.0 SP4.
> I follow the stonebeat maunal and configure the shared gateway (both ext
> and int ) IP address with a multicast MAC address.
> 
> the network diagram look like this:
>           Internet
>           /      \
>    cisco router  cisco router
>          |\     /|   
>          | \   / |
>          |  \ /  |
>          |  / \  |
>      alteon ---alteon
>        |\      / |
>        | \    /  |
>        |  \  /   |
>        |   \/    |
>        |   /\    |
>        |  /  \   |
>        FW1 -- FW1
>        |       |
>        |       |
>      2924 --  2924
>        |       |
>      NAT      NAT
>      LAN      LAN
> 
> Now the problem is flooding... all multicast traffic flood the alteons and
> other switches.. how can i avoid that? the stonebeat manual said enable
> sending IGMP report in the firewall node can avoid this, but I don't know
> how to enable it.
> 
> any suggestion?
> 
> Thanks
> 
> Ben
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to