Advanced Clustering Configuration

This section presents several advanced cluster scenarios and procedures for their configuration.

Clusters on the Same Layer-2 Segment

The recommended cluster architecture contains interfaces connect to a Layer-2 segment that is
isolated from other clusters. When configuring a cluster with only two members, you should connect
the secured interfaces of the sync network using a crossover cable.

However, in a deployment where multiple clusters need to connect to the same Layer-2 segment, the
same MAC address may be used by more than one cluster for Cluster Control Protocol (CCP)
communication. This may direct traffic to the incorrect cluster. In this case you will need to modify the
source MAC address(es) of the clusters.

This section describes how source MAC addresses are assigned, and explains how to change them.
This procedure applies to both ClusterXL and OPSEC certified clustering products using the High
Availability mode.

Source Cluster MAC Addresses

Cluster members use CCP to communicate with each other. In order to distinguish CCP packets from
ordinary network traffic, CCP packets are given a unique source MAC address.

o The first four bytes of the source MAC address are all zero: 00.00.00.00
o The fifth byte of the source MAC address is a "magic" number, a number that encodes
critical information in a way intended to be opaque. Its value indicates its purpose:
Default Value Of Fifth Byte Purpose

0xfe CCP traffic

0xfd Forwarding layer traffic

o The sixth byte is the ID of the source cluster member

When multiple clusters are connected to the same Layer-2 segment, setting a unique value to the fifth
byte of the MAC source address of each cluster allows them to coexist on the same Layer-2 segment.

Changing a Cluster's MAC Source Address

To change a cluster's MAC source address:

Run these commands on each cluster member.

fw ctl set int fwha_mac_magic <value>

fw ctl set int fwha_mac_forward_magic <value>

The default values of the parameters fwha_mac_magic and fwha_mac_forward_magic appear in

the following table:
Parameter Default
value

fwha_mac_magic 0xfe

fwha_mac_forward_magic 0xfd

Use any value as long as the two gateway configuration parameters are different. To avoid confusion,
do not use the value 0x00.

Making the Change Permanent

You can configure the above parameters to persist following reboot.
1. Use a text editor to open the file fwkern.conf, located at $FWDIR/boot/modules/.
Add the line Parameter=<value in hex>. Make sure there are no spaces.