MULTICAST MAC-ADDRESS support for firewall cluster

Francesco Soffia_1 · ‎06-17-2013

hallo

we have to make a firewall cluster in active/active mode ( 2 watchguard firewalls).

Cluster uses MULTICAST MAC- ADDRESS for all interfaces that send network traffic.

We need an hp switch model, possibly layer2 managed, that supports MULTICAST MAC-ADDRESS and does not filter/block theese addresses.

Someone have just done similar configs ?

best regards

Francesco

BMNetworks · ‎01-28-2014

Hello,

did you found a solution? I added the multicast mac addresses für external and trusted to our HP A5500 switches (irf-stack) but I get no internet connection

Thanks

Chrisd131313 · ‎01-30-2014

Hi Francesco Soffia_1,

Any layer2 switch should suffice. The Multicast packets are not filtered/dropped. They will be broadcast to all switch ports, so you will just increase you *cast traffic. The best way is to put your firewalls in another VLAN so to limit the casting of the cluster traffic. I am no expert on this topic, so maybe someone else has some input, but I would not see there beign too many issues as long as you have your tagging/routing setup correctly on the firewall cluster ports.

issues may arise if you are trying to connect from outside of the subnet the firewalls are in so you would then need to add static arp entries on routers for the multicast mac address pointing toteh clusters VIP.

HTH

EDIT: not sure if the follwing post will help you at all...

http://h30499.www3.hp.com/t5/ProCurve-ProVision-Based/Static-ARP-entry/td-p/4162889#.Uutn7khFC_4

-----------------------------------------------------

Don't forget to mark a post resolved if your question was answered.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

MULTICAST MAC-ADDRESS support for firewall cluster

MULTICAST MAC-ADDRESS support for firewall cluster

Re: MULTICAST MAC-ADDRESS support for firewall cluster

Re: MULTICAST MAC-ADDRESS support for firewall cluster