FW/IPSec VPN Buyer’s Guide
3. Fault Tolerant – High Availability, Resiliency
Device, itself, provides |
|
|
| |
redundancy: |
|
|
| |
o | Yes |
|
| |
o | Redundant | Yes |
|
|
| components |
|
|
|
o | (fans/power supplies) |
|
|
|
Port Density | Yes |
|
| |
Supports dynamic routing |
|
| Enables the survival of | |
protocols: |
|
| failures at the transport level | |
o | OSPF | Yes |
| |
o | BGP | Yes |
| components of resiliency |
o | RIP | Yes |
|
|
High Availability (HA) |
|
|
| |
Configurations to reduce single |
|
|
| |
point of failure: |
|
|
| |
o | Stateful (sharing | Yes |
|
|
| session information) to |
|
|
|
o | maintain connections | Yes |
|
|
VPN sync (sharing |
|
| ||
| VPN information to |
|
|
|
| maintain security |
|
|
|
| association in the |
|
|
|
o | event of a failure) | Yes |
|
|
|
| |||
| (one device |
|
|
|
| processing traffic, with |
|
|
|
| the second device as a |
|
|
|
o | Yes |
|
| |
|
| |||
| devices processing |
|
|
|
o | traffic) | Yes |
|
|
|
| |||
| mesh HA to survive a |
|
|
|
| failure up or |
|
|
|
| downstream from |
|
|
|
| device |
|
|
|
Redundant physical |
|
|
| |
connections (e.g. connections |
|
| Note: need to support | |
to different service providers) | Yes |
| dynamic routing to do this | |
Alternate transport options, |
|
|
| |
such as: |
|
|
| |
o | DSL | Yes |
|
|
o | Dial | Yes |
|
|
A high Mean Time Before | Yes, using Bellcore |
|
| |
Failure (MTBF) expectancy | MTBF calculations |
|
| |
VPN Specific |
|
|
| |
Ability to run dynamic routing |
|
|
| |
through its tunnels to | Yes, Dynamic Route- |
|
| |
automatically learn the network | based VPNs (Best |
|
| |
and route around failures | Path VPNs) |
|
| |
Product’s HA performs VPN |
|
| Note: most routers cannot | |
sync (sharing VPN state |
|
| offer this functionality | |
information) to maintain the |
|
|
| |
VPN connection in the event of | Yes |
|
| |
a failure |
|
|
|
|
Copyright © 2004, Juniper Networks, Inc. | 13 | |||