1. Manuals
  2. Brands
  3. Tavve Manuals
  4. Firewall
  5. zoneranger
  6. User manual

Tavve zoneranger User Manual page 39

Hide thumbs
Table of Contents

Advertisement

Virtual IP
Redundant ZoneRangers may be configured with a Virtual IP, forming a VIP Cluster.. Within a VIP
Cluster, a virtual IP address is defined and shared across a set of redundant ZoneRangers. At any given
time, one of the ZoneRangers will be active with respect to the virtual IP address (i.e. it is configured to
receive traffic destined for the virtual address), while the others will be passive. If the passive
ZoneRangers detect that the active ZoneRanger has failed, or is no longer communicating, one of the
passive ZoneRangers will become active, so that there should always be a healthy ZoneRanger able to
receive and process traffic directed towards the virtual address.
The advantage of creating a VIP Cluster is that managed devices can be configured to forward protocol
traffic such as SNMP traps, Syslog messages, NetFlow messages or sFlow messages to a single address
(i.e. the virtual IP address), and whatever ZoneRanger happens to be active on that address at that time
will relay the traffic to the intended management application(s) via one or more Ranger Gateways.
Note that in addition to the virtual IP address, each ZoneRanger also will have its own unique real
address. As such, an alternative to using virtual IP is to configure managed devices to forward
management protocol traffic to multiple ZoneRangers, specifying the real IP address in each case. In the
case of SNMP traps, and Syslog messages, each Ranger Gateway will remove the duplicate traffic, so
that each actual trap or message should only be forwarded once to the listening management
applications. This approach minimizes the possibility of lost traps or messages, at the cost of increased
management traffic (e.g. the managed device must forward each SNMP trap or Syslog message multiple
times). Creating a VIP Cluster will eliminate this additional traffic, at the cost of the possibility of lost
traffic during the brief period of time that it will take for a passive ZoneRanger to detect that the active
ZoneRanger has failed, and to become active.
Figure 13-3. Redundant ZoneRanger within a VIP Cluster
Note that in this figure, ZR-2 is currently active, with respect to the VIP address (10.1.1.60), while the
other three ZoneRangers are currently passive. Managed devices, in this case would typically be
configured to forward traffic such as SNMP traps and Syslog messages to the 10.1.1.60 address.
ZoneRanger 5.5 User's Guide
39
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents