Typical installations
Issue 5 June 2008
605
Typical failover applications
Introduction to the failover mechanism
The failover mechanism provides switchover to backup peers in case of remote peer failure. To enable the failover mechanism, you must:
● Configure VPN keepalives, which check the remote peer periodically and announce when the remote peer is dead
● Provide backup peers and a mechanism for switching to a backup in case of remote peer failure
In addition to the GRE failover mechanism (see Failover using GRE on page 606), the G250/G350 supports several additional failover mechanisms, as described below.
Configuring VPN keepalives
VPN keepalives can dramatically improve the speed with which the G250/G350 detects loss of connectivity with the remote VPN peer. Two types of VPN keepalives are available. You can use either or both methods:
● Enable DPD keepalives, a standard VPN keepalive that checks whether the remote peer is up. This type of detection can be used only if the remote peer also supports it.
● Bind peer status to an object tracker. Object trackers track the state (up/down) of remote devices using keepalive probes, and notify registered applications such as VPN when the state changes. Object tracking allows monitoring of hosts inside the remote peer’s protected network, not just of the remote peer itself as in DPD.
Backup peer mechanism
You can use any one of these alternate backup peer mechanisms:
● DNS server (see Failover using DNS on page 613). This method utilizes the G250/G350’s DNS resolver capability for dynamically resolving a remote peer’s IP address via a DNS query.
  Use this feature when your DNS server supports failover through health-checking of redundant hosts. On your DNS server, configure a hostname to translate to two or more redundant hosts, which act as redundant VPN peers. On the G250/G350, configure that hostname as your remote peer. The G250/G350 performs a DNS query to resolve the hostname to an IP address before establishing an IKE connection. Your DNS server should be able to provide the IP address of a live host. Whenever the G250/G350 senses that the currently active remote peer has stopped responding, it performs a new DNS query and tries to re-establish the VPN connection to the newly provided IP address. The G250/G350 can sense that a peer is dead when IKE negotiation times out, through DPD keepalives, and through object tracking.
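The DNS failover sequence described above can be modelled in a few lines to show why the DNS server must health-check its redundant hosts. This is an added example, not Avaya code or configuration: the class names, the addresses (documentation range) and the limit of three queries per reconnect are assumptions made for the illustration.

```python
class DnsServer:
    """Hypothetical DNS server: one hostname, several redundant VPN peers."""
    def __init__(self, peers, health_checking):
        self.peers = list(peers)
        self.alive = set(peers)   # which peers currently respond (ground truth)
        self.health_checking = health_checking

    def resolve(self):
        # With health checking, answer with the first peer that still responds.
        # Without it, always answer with the first record, dead or not.
        if not self.health_checking:
            return self.peers[0]
        return next((ip for ip in self.peers if ip in self.alive), None)


class Gateway:
    """Gateway side: resolve, try IKE, query DNS again when the peer is dead."""
    def __init__(self, dns, max_queries=3):   # max_queries is an assumption
        self.dns, self.max_queries = dns, max_queries
        self.active_peer, self.log = None, []

    def connect(self):
        for _ in range(self.max_queries):
            ip = self.dns.resolve()           # DNS query precedes every IKE attempt
            self.log.append(ip)
            if ip in self.dns.alive:          # stands in for a successful IKE negotiation
                self.active_peer = ip
                return True
        self.active_peer = None               # every attempt ended in an IKE timeout
        return False

    def peer_dead(self, source):
        # source names the detector: "ike-timeout", "dpd" or "object-tracking"
        self.log.append("dead:" + source)
        return self.connect()


def run(health_checking):
    # Constructed sample data: documentation-range addresses for two redundant peers.
    dns = DnsServer(["192.0.2.10", "192.0.2.20"], health_checking)
    gw = Gateway(dns)
    gw.connect()
    dns.alive.discard("192.0.2.10")           # the active peer fails
    recovered = gw.peer_dead("dpd")
    return recovered, gw.active_peer, gw.log


if __name__ == "__main__":
    for hc in (True, False):
        print(hc, run(hc))
```

With a health-checking server the tunnel moves to the second peer after one new query; without health checking every new query returns the dead address and the tunnel stays down.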
Administration for the Avaya G250 and Avaya G350 Media Gateways 03 300436 Issue 5 June 2008