Thread: VRRP over sub-interfaces




VRRP over sub-interfaces
user name
2006-03-02 19:58:58
Thanks to all for your valued inputs!

Rajeev

On 3/2/06, stéphane bertrand <bertrand.stephanegmail.com> wrote:
> Hi,
>
> No worries, you won't have any problem dealing with VRRP sub-int.
> This subject is half about Nokia and half about C.P.
>
> At CP level, think to add VRRP interface in your topology Object (and
> cluster), or you will have 2 Masters Fw (no comment about this
> end-of-world situation)
>
> At the appliance level, just be aware of this fact:
>
> * If you have already configured the VRRP interface eth-s1-p1-c0, and
> after you proceed to the sub-division of the interface,
>
> * IF you keep the same IP to eth-s1-p1-c1, you could have an odd VRRP
> behavior !
>
> => Delete the VRRP interface before !!! (because of the risk of
> corruption of the VRRP config file)
>
> Otherwise in case of VRRP corruption, here is a useful procedure that
> allows you to delete the VRID or the VRRP.
>
> -------! ! This will interrupt connections ! ! -------
> 1- Execute this command in cd/config/  "sort active > /config/db/fixed"
> 2- Edit the file "fixed" and manually delete all the lines you need
> (for example: ipsrd:instance:default:vrrp:interface:eth-s1p1-c0;viretualrouter:N°VRID)
> 3- Save,
> 4- From Voyager; for: "database files currently available", select "Fixed"
> 5- Apply + Save
> 6- In voyager: "Save new current database" and delete the "fixed" file
>
> Enjoy,
> Steven
>
>
> 2006/3/1, Rajeev Gupta <rgup14gmail.com>:
> > Hi,
> >
> > Firewall has just three interfaces - internal/external and a third for
> > the sync - internal would be vlan'ed - three sub-interfaces - would
> > like to implement VRRP over these sub-interfaces and the internal
> > interface. - External's would have normally configured VRRP (obviously
> > no vlan's)
> > Any experiences if VRRP would gracefully work on the internal
> > sub-interfaces in this environment?
> >
> > Would highly appreciate your valuable feedback.
> >
> > Thanks,
> >
> > Rajeev
> >
>

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERVamadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ownerts.checkpoint.com
=================================================
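
Steps 1-2 of the clean-up procedure quoted in the message above, as an added example that is not part of the original post or of any Nokia/Check Point tooling: instead of hand-editing the sorted copy, filter out the VRRP lines of one interface, refuse to continue if nothing matched, and review the diff before loading the result through Voyager. The one-key-per-line layout, the key suffixes and the sample lines are constructed assumptions; only the key prefix and the interface names eth-s1-p1-c0 and eth-s1-p1-c1 come from the post.

```shell
#!/bin/sh
# Key prefix as quoted in the post; everything after the interface name is assumed.
VRRP_PREFIX="ipsrd:instance:default:vrrp:interface:"

# write_sample FILE: constructed stand-in for the output of "sort active".
write_sample() {
    cat > "$1" <<'EOF'
interface:eth-s1-p1-c0:ipaddr:192.0.2.1:mask 24
ipsrd:instance:default:vrrp:interface:eth-s1-p1-c0:virtualrouter:10 t
ipsrd:instance:default:vrrp:interface:eth-s1-p1-c0:virtualrouter:10:priority 100
ipsrd:instance:default:vrrp:interface:eth-s1-p1-c1:virtualrouter:11 t
ipsrd:instance:default:vrrp:interface:eth-s1-p1-c10:virtualrouter:12 t
EOF
}

# strip_vrrp_iface SORTED_COPY FIXED_OUT IFACE
# Writes FIXED_OUT without the VRRP lines of IFACE and prints how many lines
# were dropped. Returns 1 and leaves no FIXED_OUT if nothing matched, so a
# mistyped interface name cannot produce a "fixed" file that changes nothing.
strip_vrrp_iface() {
    src=$1; dst=$2; iface=$3
    : > "$dst"
    removed=$(awk -v key="${VRRP_PREFIX}${iface}" -v dst="$dst" '
        {
            nxt = substr($0, length(key) + 1, 1)
            # Literal prefix match; the interface name must end right here,
            # so eth-s1-p1-c1 does not also remove eth-s1-p1-c10.
            if (index($0, key) == 1 &&
                (nxt == "" || nxt == ":" || nxt == ";" || nxt == " ")) {
                n++
                next
            }
            print > dst
        }
        END { print n + 0 }' "$src")
    if [ "$removed" -eq 0 ]; then
        rm -f "$dst"
        return 1
    fi
    echo "$removed"
}

# Demo on the constructed sample: show exactly which lines would disappear.
tmp=$(mktemp -d)
write_sample "$tmp/sorted"
echo "lines removed: $(strip_vrrp_iface "$tmp/sorted" "$tmp/fixed" eth-s1-p1-c0)"
diff "$tmp/sorted" "$tmp/fixed" || true
rm -rf "$tmp"
```
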
VRRP over sub-interfaces
user name
2006-03-02 23:40:10
VRRP over sub-interfaces will work well 99% of the time.

That being said, I just visited a colleague of mine who is a government contractor and he told me the Cisco VoIP apps do not work well with VRRP over sub-interfaces. Specifically, he has Cisco Call Manager and Cisco Unity Servers sitting on one of the Nokia sub-interfaces and weird problems happened; calls get dropped for no reason. After he moved Cisco Call Manager and Unity Servers into a dedicated VLAN of a Nokia physical interface, his VoIP applications started working again.

For most web applications, VRRP sub-interfaces will work fine.

my 2c.
