Why does every interface in a cluster of network devices need its own IP address?

0

When I have a cluster of, e.g., firewalls handling multiple networks, why do they all need their own IP addresses in addition to the virtual cluster IP address? Isn't this a waste of addresses?

EDIT: I know that there has to be a management IP to reach the firewalls, but here is an example.

          Virtual      FW1         FW2
Mgmt      -            10.0.0.2    10.0.0.3
Net A     10.2.0.1     10.2.0.2    10.2.0.3
Net B     10.3.0.1     10.3.0.2    10.3.0.3
Net C     10.4.0.1     10.4.0.2    10.4.0.3

I can manage my firewalls with the addresses 10.0.0.2 and 10.0.0.3 and reach the cluster with 10.*.0.1. Why do I need the other *.2 and *.3 addresses?

Lithilion

Posted 2019-07-25T11:06:14.010

Reputation: 145

Answers

1

(You did not state your operating system and topology, but it does not matter, I don't do Cisco anyway.)

One reason would be that FW2 (10.4.0.3) can check on Net C whether FW1 (10.4.0.2) is still present there (+edit:) and look and test for problems inside Net C. If there is a problem on Net C with FW1 in charge, this helps with (automatic) diagnosis. Initiating a failover because "something is wrong" is not advisable.

(+edit: You mentioned only 10.* addresses. If you have internal official addresses, only the firewalls need additional/redundant ones, with good justification from system importance and functional necessity.) 10.*.*.* addresses are cheap, actually they are for free. ;-) But people should allocate within reason. If all of them are reserved (and nobody needs 16 million addresses), they become very expensive all of a sudden.

P.S. Cannot comment, have to add information in this answer.

Aquilifer

Posted 2019-07-25T11:06:14.010

Reputation: 46

What about non-private addresses? They are not for free, and actually quite expensive. – Lithilion – 2019-07-28T08:50:34.567
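As an added illustration (not part of the question, the answer or any vendor's documentation), this is how the split between the floating cluster address and each member's own address looks in a VRRP setup, assuming two Linux firewalls running keepalived; the interface names, router IDs, priorities and script path are assumptions, the addresses are the ones from the question's table:

```conf
# FW1, keepalived.conf (constructed example). FW2 mirrors it with the
# .2/.3 addresses swapped and a lower priority, e.g. 100.

# Peer check on Net C that uses the members' REAL addresses. The
# virtual address 10.4.0.1 always answers from whichever member holds
# it, so probing it cannot tell you whether the peer is still alive on
# that segment. weight only lowers the priority (150 -> 130, still
# above FW2's 100), so one failed check alone does not trigger failover.
vrrp_script chk_peer_net_c {
    script "/usr/bin/ping -c 1 -W 1 -I 10.4.0.2 10.4.0.3"   # assumed path
    interval 2
    fall 3
    rise 2
    weight -20
}

vrrp_instance NET_A {
    state MASTER
    interface eth1              # assumed: FW1's Net A interface
    virtual_router_id 51
    priority 150
    advert_int 1
    unicast_src_ip 10.2.0.2     # FW1's own address on Net A
    unicast_peer {
        10.2.0.3                # FW2's own address on Net A
    }
    virtual_ipaddress {
        10.2.0.1/24             # floating cluster address on Net A
    }
}

vrrp_instance NET_C {
    state MASTER
    interface eth3              # assumed: FW1's Net C interface
    virtual_router_id 53
    priority 150
    advert_int 1
    unicast_src_ip 10.4.0.2     # FW1's own address on Net C
    unicast_peer {
        10.4.0.3                # FW2's own address on Net C
    }
    virtual_ipaddress {
        10.4.0.1/24             # floating cluster address on Net C
    }
    track_script {
        chk_peer_net_c
    }
}
```

Every unicast_src_ip, unicast_peer entry and health-check target is a per-member address; only the virtual_ipaddress lines use the 10.*.0.1 addresses, which is why each segment needs its .2 and .3 in addition to the .1.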