Cisco Email Security Appliance C650 User Guide
Cisco IronPort AsyncOS 7.5 for Email Advanced Configuration Guide
OL-25137-01
Chapter 8 Centralized Management
Cluster Communication
Machines within a cluster communicate with each other using a mesh network. By
default, all machines connect to all other machines. If one link goes down, other
machines will not be prevented from receiving updates.
By default, all intra-cluster communication is secured with SSH. Each machine
keeps an in-memory copy of the route table and makes in-memory changes as
necessary if links go down or up. Each machine also performs a periodic “ping”
(every 1 minute) of every other machine in the cluster. This ensures up-to-date
link status and maintains the connections in case a router or NAT has a timeout.
DNS and Hostname Resolution
DNS is required to connect a machine to the cluster. Cluster communication is
normally initiated using the DNS hostnames of the machines (not the hostname of
an interface on the machine). A machine with an unresolvable hostname would be
unable to actually communicate with any other machines in the cluster, even
though it is technically part of the cluster.
Your DNS must be configured to have the hostname point to the correct IP
interface on the appliance that has SSH or CCS enabled. This is very important.
If DNS points to another IP address that does not have SSH or CCS enabled it will
not find the host. Note that centralized management uses the “main hostname,” as
set with the sethostname command, not the per-interface hostname.
If you use an IP address to connect to another machine in the cluster, the machine
you connect to must be able to make a reverse look up of the connecting IP
address. If the reverse look up times out because the IP address isn’t in the DNS,
the machine cannot connect to the cluster.
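A pre-flight check for the DNS requirements in this section, as an added example (not part of the Cisco guide and not AsyncOS code): it verifies that each machine's main hostname resolves, that it resolves only to an interface with SSH or CCS enabled, and that those interface addresses have a reverse lookup. The hostnames, addresses and function names are constructed for illustration; run it from a host that uses the same DNS servers as the appliances.

```python
import socket

def sys_forward(host):
    return socket.gethostbyname_ex(host)[2]   # IPv4 addresses for the name

def sys_reverse(ip):
    return socket.gethostbyaddr(ip)[0]        # PTR name for the address

def check_member(hostname, service_ips, forward=sys_forward, reverse=sys_reverse):
    """Return DNS problems for one cluster member; an empty list means OK.
    hostname is the main hostname (sethostname); service_ips are its SSH/CCS interface IPs."""
    problems = []
    try:
        addrs = forward(hostname)
    except OSError as exc:                    # gaierror, herror, timeout
        addrs = []
        problems.append(f"{hostname}: hostname does not resolve ({exc})")
    for ip in addrs:
        if ip not in service_ips:
            problems.append(f"{hostname}: DNS points to {ip}, not an SSH/CCS interface")
    for ip in sorted(service_ips):
        try:
            reverse(ip)
        except OSError as exc:
            problems.append(f"{hostname}: no reverse lookup for {ip} ({exc})")
    return problems

def check_cluster(members, forward=sys_forward, reverse=sys_reverse):
    """members maps each main hostname to its set of SSH/CCS interface IPs."""
    return {h: check_member(h, ips, forward, reverse) for h, ips in members.items()}

# Constructed sample data (documentation address range) standing in for real DNS.
SAMPLE_MEMBERS = {f"esa{n}.example.com": {f"192.0.2.1{n}"} for n in (1, 2, 3)}
SAMPLE_A = {"esa1.example.com": ["192.0.2.11"], "esa2.example.com": ["192.0.2.99"]}
SAMPLE_PTR = {"192.0.2.11": "esa1.example.com", "192.0.2.12": "esa2.example.com"}

def sample_forward(host):
    if host not in SAMPLE_A:
        raise socket.gaierror(f"no A record for {host}")
    return SAMPLE_A[host]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(f"no PTR record for {ip}")
    return SAMPLE_PTR[ip]

if __name__ == "__main__":
    print(check_cluster(SAMPLE_MEMBERS, sample_forward, sample_reverse))
```

Calling `check_cluster(members)` without the sample resolvers queries the system resolver instead of the constructed tables.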
Clustering, Fully Qualified Domain Names, and Upgrading
DNS changes can cause a loss of connectivity after upgrading AsyncOS. Please
note that if you need to change the fully qualified domain name of a machine in
the cluster (not the hostname of an interface on a machine in the cluster), you must
change the hostname settings via sethostname and update the DNS record for that
machine prior to upgrading AsyncOS.