Jaycee's Networking

May 7, 2009

UTM High Availability

Filed under: Information, Security — Tags: — Jaycee @ 12:11 am

Active/active HA —  two firewalls load-balance automatically between themselves.

Active/passive HA — a hot standby system takes over when the active node goes down.

The argument here is that:

Any performance benefits achieved from an active/active configuration would pale in comparison to the guarantee that when a HA event occurs to an active/passive configuration, you’ll still have just as good performance as before the event. Because a typical HA event might be a hardware failure that could take a box out for 24 to 72 hours, having the same performance before and after would be pretty important.

With Check Point HA, called ClusterXL, Nokia IPSO clustering and Juniper HA, each device has its own IP address, and the pair also has a third IP address as well as an additional (virtual) MAC address. When an HA event occurs, the remaining node takes over the HA IP and MAC addresses, assuring that no one outside of the cluster has to adjust and traffic can keep flowing as soon as the HA event is detected — always within four second limit.

With multinode clustering, you can keep adding devices into the cluster, making it (in theory) increasingly reliable and fast. Nokia’s IP290 and Astaro’s ASG425a — offer multinode clustering, which is a potential solution to the problem of losing a single node in a high-availability environment.

Advertisements

Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: