[j-nsp] Quick Question About HA Setup
Pavel Lunin
plunin at senetsy.ru
Mon Jul 16 11:08:42 EDT 2012
16.07.2012 16:49, Spam пишет:
> Thanks for the info guys. I know it is not a recommended solution, but I
> have
> 2 ISP links in 2 different locations, which are connected together via a
> single 10GB
> vlan trunk between 2 switches, so I'm kinda stuck.
>
>
I'd say the idea of splitting a firewall cluster into two geographically
remote parts is itself worth to be revised twice. The chassis
interconnect pitfalls are not the main caveat in such a design.
The most important thing about FW clusters (or even any other statefull
devices, like, say, BRAS) is that it's not just about the firewalls.
It's even mostly not about firewalls but about integrating them with the
rest of the network infrastructure. It also involves resilient solutions
for routing and especially switching.
I am not saying it's impossible, but I am just sure that a better
solution exists in almost all cases.
More information about the juniper-nsp
mailing list