[j-nsp] SSG5 Dual WAN failover functionality
Jason Lixfeld
jason at lixfeld.ca
Wed Apr 15 12:36:15 EDT 2009
I'm pretty new to Juniper, so please forgive any blatant missteps in
terminology.
I've got a requirement to build three sites using SSG5s. The three
sites will all have dual WAN - PPPoE DSL and DHCP cable. We will be
using provider space for the dual WANs, so we won't be using our own
IP space, BGP or anything of the like; only static routing to 0/0 to
one of the two WANs.
The three sites will be meshed with LAN to LAN IPSec tunnels. I
understand I'll need to build two meshes on each device; one for each
WAN circuit because they will both have two different WAN IPs.
Can the SSG5 intelligently sense that a WAN link is broken and
failover to the other? In the DSL and Cable worlds, rarely is an
outage caused by a hard link failure, rather something in between
causing traffic to stop. Can the SSG5 detect outages such as this and
make a decision to fail over? Can it also make the same determination
in order to fail back once the primary WAN link has been restored? If
I have two IPSec meshes, can SSG's do any sort of IPSec WAN tracking
so the only one mesh is up at at time?
More information about the juniper-nsp
mailing list