Re: [FW1] Nokia/VRRP questions

Tue, 13 Jun 2000 15:11:50 -0700 


VRRP monitored circuit can be used to move any or all interfaces over to 
the backup firewall.  So it the internal side dies, everything is moved and 
packets from the outside are automatically redirected to the backup 
interface.  The key to this is the virtual IP that is the only IP the 
outside routers know about, and it moves from primary to backup as 
needed.  This works if you apply the same priorities to all interface 
pairs.  It is possible to create a setup where the failure of interface A 
can cause interfaces A, B, C to fail over, but leave interfaces D and E 
still on the primary.  This can cause very odd problems, or can be very 
useful if that is what you want.

hermit1

At 04:22 PM 6/13/00 -0400, Brandon Applegate wrote:

>Greetings all,
>
>I am looking at the Nokia boxes, espeically appealing is their out of the
>box VRRP/sync functionality.  My disclaimer is that aside from reading the
>RFC, I am VRRP ignorant.  A few questions come up though:
>
>1)      If a given box is master on both the inside and outside, and if 
>something on the inside
>         (a switch) dies, the inside hosts are going to be switched over 
> to the backup (second)
>         Nokia on the inside.  But what if on the outside, your upstream 
> is routing down to you
>         and the box with the severed inside interface is the master on 
> the outside. Arent the
>         packets then piling up with nowhere to go ?
>
>2)      Continuing on with #1, can the interfaces be 'mated' ?  So that if 
>one interface loses
>         contact with it's VRRP neighbor(s), that it can take another (or 
> all) VRRP
>interfaces out  of commission (self-destruct of sorts)?  This way, you
>wouldnt need to worry about #1.
>
>I'm sure this has been covered before, but I haven't seen it.  Please feel
>free to reply off-list as well.
>
>Brandon Applegate - CCNP, CCDP
>Senior Network Engineer - Intelliseek, Inc.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to