GSS Hardware Installation

Jul 20th, 2007

There are two ethernet ports on the GSS. I can't find any documentation on the use of the second port, what is it for and how would I configure it? Is it for failover, HA, or for inline operation?


Syed Iftekhar Ahmed Fri, 07/20/2007 - 09:59

Two interfaces on GSS gives you flexibility to use different ports for "Inter GSS communication" and "Keepalive traffic".

(Inter GSS Communication: All the GSSs send their status information to primary GSSM and theprimary GSSM synchronize its database with standby GSSM

Keepalive Traffic: Keepalives sent to VIPs & Servers to get their health status).

Syed Iftekhar Ahmed

ricklarin Fri, 07/20/2007 - 10:34

Thanks Syed. I have looked at the admin guides but can't find any supporting information. For example, is it recommended for the second ethernet to sit in a dedicated vlan, etc. Any documentation would be helpful.

Syed Iftekhar Ahmed Fri, 07/20/2007 - 12:00

I think you should get details in admin guides...

What I can tell you is that TCP keepalives (which also includes http keepalives) can only use one interface (by default eth0 is set for this). The interface used for this purpose can be selected using "gss-tcp-keepalives" intefcae level CLI command.

Similarly inter-GSS communication can also use only one interface (default is eth0 again).You can select interface for this purpose using "gss-communications" interface level CLI command.

In scenarios where a seperate VLAN exist for out of management, its recommneded to use ethernet1 for management purposes.

You can configure GSS, such that it allows management traffic using ACLs (SSH,snmp,ntp,ftp) only on ethernet1.

You cant use same ACL on both interfaces.You will need to define different ACLs for eth0 & eth1.

Another requiremnet for Inter-GSS communiaction is that there should not be a NAT device between GSSs in a network. Inter-GSS traffic headers use IPs assigned to GSS to communicate. In order to overcome this restriction you can assign one GSS interface for Inter gss caommunication and bypass NAt device.

hope it helps

Syed Iftekhar Ahmed


