PO VSX Course 6 VSX - Util

The vsx_util
VSX Management maintenance tool
[Restricted] ONLY for designated groups and individuals 2012 Check Point Software Technologies Ltd.
Course Timetables
Day 1 Day 2 Day 3
9:00 Course Introduction VSX Clustering VSX Conversion
10:00 RC & QoS

vsx_utill
R75.40VS VSX Gaia VS CTX & New Features
11:00
Introduction (Conversion, SNMP, JF)
12:00 Mgmt. Implementation L2 VS
13:00 Lunch Break
14:00
VSX Networking GW Implementation
15:00
Meeting with Check Point
R&D
16:00
VSX CoreXL Affinity &
Debug & Troubleshooting
Memory RC
17:00
[Restricted] ONLY for designated groups and individuals 2012 Check Point Software Technologies Ltd. 2
vsx_util
vsx_util is a tool for performing VSX maintenance

activities.
vsx_util is a CPMI client that connects to the
Management server (Main CMA in case of
Provider-1), just like SmartDashboard.
The Management machine from which vsx_util is run
must be defined as a GUI client (just like SDB)
Not supported for the (very old) version of VSX NG AI
and below.
vsx_util reconfigure / add_member_reconf
Used to deploy an existing configuration on a freshly

installed Gateway / Cluster Member
Useful after a machine hardware failure
Used also after upgrading module to a new version.
vsx_util reconfigure limitations and common
errors
Limitations
The new module must have the same configuration as the reconfigured
member (same number of interfaces, management IP etc.)
The module must be newly installed without any previous VSX
configuration
Common Errors:
vsx_util reconfigure asks to re-install policy on the VSX and run the
command again
The message occurs when the reconfigure process cannot retrieve the name
of the policy installed on the VSX Gateway/Cluster
This might happen after the Management was upgraded using upgrade_import
from a version older than R61
Workaround: copy $FWDIR/state/links.C from the original Management
vsx_util upgrade
Used for upgrading VSX Cluster/Gateway to NGX and

newer versions
Updates the VSX related objects in the Management
database to the new version
For instance, upgrade from VSX NG AI to VSX NGX or
higher will convert all the VSX related objects to comply with
the Single IP model
After running vsx_util upgrade, vsx_util reconfigure has to

be run to configure the freshly installed Gateway/Cluster
Members with the VSX configuration.
vsx_util add_member / remove_member
vsx_util add_member
Used to add a member to an existing VSX Cluster
configuration
After running add_member, vsx_util add_member_reconf
needs to be run to configure the new member with the VSX
configuration
vsx_util remove_member
Used to remove a member from an existing VSX Cluster
configuration
Can be performed only if the VSX Cluster has at least 3
members
vsx_util change_private_net
Used to change the VSX Cluster Private Network on an

existing Cluster configuration
Limitations:
The new Cluster Private Network must not be used
anywhere behind the VSX Cluster/Gateway or its Virtual
Systems
The new Cluster Private Network has to match the private
network mask 255.255.252.0
vsx_util change_mgmt_ip
Used to change the management IP address of VSX

member/ gateway.
Limitations:
The IP address should stay in the same subnet.
Not supported in Non Dedicated Management Interface
mode.
vsx_util change_mgmt_subnet
Used to change the management IP of a VSX

cluster/gateway to a new subnet.
Allows to change the VSX cluster management IP,
VSX members management IP and the management
subnet mask.
Limitations:
Not supported in Non Dedicated Management Interface
mode.
vsx_util vsls
Displays the current Virtual System Load Sharing (VSLS)

configuration as it appears in the management database,
and allows exporting to CSV.
The displayed configuration is the desired state. It does

not necessarily reflect the actual configuration on the
Cluster Members.
In case the Cluster Members encounter a certain problem,
they might not enforce the desired VSLS configuration
vsx_util vsls (was redistribute_vsls)
Distributes the Virtual Systems among the VSX Cluster

Members.
vsx_util suggests the following options:
Automatically distribute the Virtual Systems over all Cluster
Members in a way that all Cluster Members are equally
loaded.
Have all Virtual Systems active on the same Cluster
Member
similar to ClusterXL mode High Availability, except for the
fact that for each Virtual System there is only one Standby
Cluster Member while the rest of the Cluster Members are
backup
Manually configure the weight and members priority list for
a specific Virtual System
Import priority and weight from a CSV.
vsx_util vsls (was redistribute_vsls) cont.
Notes:
A Virtual System is created with a default weight (10)
Changing the weight of a Virtual System will only have
influence when the Priority List for a new Virtual System is
calculated
For the new configured weight to take effect immediately, the
Virtual Systems need to be redistributed automatically
among all Cluster Members
The redistribution is a rather heavy operation because it

might trigger Virtual System Failovers from one Cluster
Member to another
vsx_util convert_cluster
Converts the ClusterXL mode to one of the following:

High Availability All Virtual Systems are active on the same
Cluster Member, the other members are in standby state
Virtual System Load Sharing The active Virtual Systems
are spread among all Cluster Members to equally balance
the load over all Cluster Members
Each Virtual System is active on one Cluster Member, Standby
on another Cluster Member and in backup mode on the rest of
the Cluster Members (not resources consuming)
vsx_util view_vs_conf
Displays Virtual Device configuration on Management

versus VSX gateways
Displays the interface configuration table and the routing
table of the Virtual Device
Used to see if there is a configuration mismatch between
what is defined on the management and the VSX
gateways
vsx_util activate_plugin
Used to activate the VSX Plug-in on all customers

managing Virtual Devices of a specific VSX.
Should be run before upgrading VSX to VSX NGX
R65/R67 version.
Runs only in Provider-1 environment.
Relevant only for R65 management.
vsx_util change_interfaces
Used to replace between interfaces in an existing configuration
Management Only Mode:
Changes the management database only.
Very useful to convert from open server to CheckPoint appliance
Should only be used with freshly installed Gateway/Cluster
members
New Configuration will be applied to the VSX members using
vsx_util reconfigure.
Push configuration to VSX Gateway/Cluster members immediately

mode:
Changes are applied to the VSX Gateway/Cluster members
immediately
Very useful when adding new bond interfaces to an existing
configuration
Displays a summary report with individual status per virtual device

vsx_util show_interfaces
Displays information about interfaces configuration on the

Management
Displays the type of interface, the virtual device it is connected to in the

VSX, IP address and netmask
Output is displayed on screen and saved to interfacesconfig.csv file
vsx_util orphans_cleaner
This is a hidden tool, not revealed to customers

Meant to clean the database in case it is incoherent
Goes over all slots on the Main CMA and makes sure they
have a matching Network Object on their Target CMAs. If
not deletes them
Has read-only mode recommended in first run
Resume capabilities
The following actions support resume:

reconfigure / add_member_reconf
upgrade
add_member
remove_member
change_private_net
change_mgmt_ip
change_mgmt_subnet
change_interfaces
vsx_util remembers the point of failure and when it is

executed again, it will continue from there.
Thank you !
Please proceed to lab 5, 6
[Restricted] ONLY for designated groups and individuals 2012 Check Point Software Technologies Ltd.

PO VSX Course 6 VSX - Util

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

PO VSX Course 6 VSX - Util

Transféré par

Droits d'auteur :

Formats disponibles

The vsx_util

VSX Management maintenance tool

Day 1 Day 2 Day 3

9:00 Course Introduction VSX Clustering VSX Conversion

10:00 RC & QoS

13:00 Lunch Break

vsx_util is a tool for performing VSX maintenance

Used to deploy an existing configuration on a freshly

Used for upgrading VSX Cluster/Gateway to NGX and

After running vsx_util upgrade, vsx_util reconfigure has to

Used to change the VSX Cluster Private Network on an

Used to change the management IP address of VSX

Used to change the management IP of a VSX

Displays the current Virtual System Load Sharing (VSLS)

The displayed configuration is the desired state. It does

Distributes the Virtual Systems among the VSX Cluster

The redistribution is a rather heavy operation because it

Converts the ClusterXL mode to one of the following:

Displays Virtual Device configuration on Management

Used to activate the VSX Plug-in on all customers

Push configuration to VSX Gateway/Cluster members immediately

Displays a summary report with individual status per virtual device

Displays information about interfaces configuration on the

Displays the type of interface, the virtual device it is connected to in the

Output is displayed on screen and saved to interfacesconfig.csv file

This is a hidden tool, not revealed to customers

The following actions support resume:

vsx_util remembers the point of failure and when it is

Vous aimerez peut-être aussi