|
|
|
Whether to choose a Load Sharing (Active / Active) or a High Availability (Active / Standby) mode depends on the need and requirements of the organization.
A High Availability cluster mode ensures fail-safe connectivity for the organization.
A Load Sharing cluster mode provides the additional benefit of increased performance.
Important:
|
Load Sharing Multicast Mode - This is an efficient way to handle a high load because the load is distributed optimally between all cluster members. Load Sharing Multicast mode associates a multicast MAC with each unicast cluster IP address. This ensures that traffic destined for the cluster is received by all members. The ARP replies sent by a cluster member will therefore indicate that the cluster IP address is reachable via a multicast MAC address.
Load Sharing Unicast Mode - Some routing devices will not accept ARP replies. For some routers, adding a static ARP entry for the cluster IP address on the routing device will solve the issue. Other routers will not accept this type of static ARP entry.
Another consideration is whether your deployment includes routing devices with interfaces operating in promiscuous mode. If on the same network segment there exists two such routers and a ClusterXL Security Gateway in Load Sharing Multicast mode, traffic destined for the cluster that is generated by one of the routers could also be processed by the other router.
For these cases, use Load Sharing Unicast Mode, which does not require the use of multicast for the cluster addresses.
If you wish to provide High Availability or Load Sharing to an existing Security Gateways configuration, we recommend taking the existing IP addresses from the Active Security Gateway, and make these the Cluster Virtual IP addresses, when feasible. Doing so will avoid altering current IPsec endpoint identities, as well keep Hide NAT configurations the same in many cases.
