System communication interfaces for Master Engines
Physical Interfaces correspond to network ports on the Master Engine. By default, the numbering of the Physical Interfaces in the Management Client corresponds to the operating system interface numbering on the engine. For example, Interface ID 0 is mapped to eth0, and Interface ID 1 is mapped to eth1. However, the mapping is not fixed and you can change it through the Engine command line.
The types of Physical Interfaces that you can define for the Master Engine system communications depend on the role of the hosted Virtual Engines:
Role | Interface Type | Explanation |
---|---|---|
Virtual Firewall | None | Corresponds to a single network interface on the Master Engine appliance. |
Virtual Firewall | Aggregated Link in High Availability Mode | Represents two interfaces on the Master Engine appliance. Only the first interface in the aggregated link is actively used. The second interface becomes active only if the first interface fails. If you configure an Aggregated Link in High Availability mode, connect the first interface to one switch and the second interface to another switch. |
Virtual Firewall | Aggregated Link in Load Balancing Mode | Represents up to eight interfaces on the Master Engine appliance. All interfaces in the aggregated link are actively used and connections are automatically balanced between the interfaces. Link aggregation in the Load Balancing Mode is implemented based on the IEEE 802.3ad Link Aggregation standard. If you configure an Aggregated Link in Load Balancing Mode, connect all interfaces to a single switch. Make sure that the switch supports the Link Aggregation Control Protocol (LACP) and that LACP is configured on the switch. |
Virtual IPS | Normal Interface | Corresponds to a single network interface on the Master Engine appliance. Only Normal Interfaces can be used for Master Engine system communications when the hosted Virtual Engines are in the Virtual IPS role. |
Virtual Layer 2 Firewall | Normal Interface | Corresponds to a single network interface on the Master Engine appliance. Only Normal Interfaces can be used for Master Engine system communications when the hosted Virtual Engines are in the Virtual Layer 2 Firewall role. |
If the Master Engine is a cluster, it is recommended to add at least two layer 3 Physical Interfaces for the Master Engine:
- An interface for communications between the Management Server and the Master Engine. Note: We recommend that you do not use the IP address of an Aggregated Link interface as the primary or secondary control IP address of the Engine.
- An interface for the heartbeat communications between the Master Engine nodes. The heartbeat traffic is critical to the functioning of the cluster, so it is highly recommended to have a dedicated physical interface as the heartbeat interface.
You cannot use a shared interface as a heartbeat interface.