I am looking into HA for a gateway/firewall and looking at VRRP and non protocol alternatives.
In a lab scenario i have tested a clone router,called backup, for the master router that has the same internal and external Ip's but the ports that link those interfaces with the switches,NAT side and WAN side, are disabled on backup router.
The backup router on a separate interface is monitoring connectivity to the master router and if it sees that master is down it enables interfaces picking up traffic.
The mechanism has been tested and it fails over in less then 10 sec(with some purging of the firewall connection table).
What are some disadvantages of this method over VRRP?
No comments:
Post a Comment