I manage MWG cluster (5xwg5500). It works in Proxy HA mode.
All of machines are connected to 2 different network segments (internal net and external net). These network segments are on two independent pair of switches.
Internal interfaces of all appliances are connected to internal network through 2 switches (2 mwg to one switch and 3 mwg to another switch)
also, external interfaces of all appliances are connected to external network through 2 switches (2 mwg to one switch and 3 mwg to another switch).
there is also additional network, dedicated to mwg flows and this network is connected to appliances through external switches (2 mwg to one switch, 3 mwg to second switch).
Two appliances are working also as directors. Virtual IP is an ip address of internal network. VRRP interface is interface connected to this third, additional network through external pair of switches.
Management ip addresses belongs to external network.
In this scenario, breakdown one of the internal switch causes a partially production outage, becouse active director can see all of scanners active(through external network) and directs flows to them.
I tested this scenario in test environment and behavior was similar.
mfend-lb -l shows that all scanners are OK. mfend-lb -s shows that some flows are directed to proxy which has internal network disconnected and all of these flows fails.
The question is that, is there any soloution to monitor multiple network segments, and turn off a service on appliance on which one of network interface goes down.
Message was edited by: shprot
I have added some kind of diagram. i hope it could be helpful. on 5/9/13 2:06:57 AM CDT
Thank you for the details. I may need further clarification but I'll give it a shot.
Is there a reason to not have the VRRP interface / management IP be eth0 instead of the external interface (eth1/eth2)? Reason being is that the health check / VRRP communication would still be happening and the no new MWG needs to take over. This is why things failed on the client side (rather than external side).
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.