[j-nsp] FW configurations which are required during failover of one db to other !!

Jonathan Lassoff jof at thejof.com
Sun Jul 22 12:46:17 EDT 2012


On Sun, Jul 22, 2012 at 8:06 AM, Harri Makela <harri_makela at yahoo.com> wrote:
> Hi All
>
> Application Server connecting successfully to DataBase Server01 (db01). This DB01 now needs to mirror to db02 and port 5022 will be used.
>
> Requirement: Application Servers which currently access DB01 should be able to access DB02 when failover to DB02 happens.
> From FW perspective, I am not sure how I'll add the failover on FW? As per my understanding, I just have to add the FW policies as per flow, i.e. SRC --> DST --> Port, and the rest will be done from SQL end.

This depends on how you're doing failover. Two ways that I can think of:

If it's purely application-layer, and your clients will fail over to
connecting to db02 somehow, just be sure and have policy that allows
connections to db02's IP.
- Failover and test this out.

If it's a VIP, High Availability IP, or some other mechanism that
moves connections to the IP from one host to the other, do nothing.
Your firewall should allow new connections to form normally. However,
you may still see some sessions that are established but for which
there is no matching connection on the host. These may time out or
attempt closure after a while.

--j
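
For the first case in the reply above (clients reconnect to db02 themselves), the policy has to cover db02 before the failover happens. This is an added example, not part of the original thread, written as Junos SRX set commands. The platform, zone names, addresses (documentation ranges), client port 1433 and the assumption that mirroring traffic between db01 and db02 crosses the firewall are all assumptions; only port 5022 comes from the post.

```junos
# Constructed example: every name and address below is a placeholder.
# Address objects for the application servers and both database hosts.
set security address-book global address app-servers 192.0.2.0/28
set security address-book global address db01 198.51.100.11/32
set security address-book global address db02 203.0.113.12/32

# Client port is an assumption (1433); 5022 is the mirroring port from the post.
set applications application sql-client protocol tcp
set applications application sql-client destination-port 1433
set applications application sql-mirror protocol tcp
set applications application sql-mirror destination-port 5022

# Existing flow: application servers to db01.
set security policies from-zone APP to-zone DB-A policy app-to-db01 match source-address app-servers
set security policies from-zone APP to-zone DB-A policy app-to-db01 match destination-address db01
set security policies from-zone APP to-zone DB-A policy app-to-db01 match application sql-client
set security policies from-zone APP to-zone DB-A policy app-to-db01 then permit

# Same flow toward db02, in place before any failover so clients can reconnect.
set security policies from-zone APP to-zone DB-B policy app-to-db02 match source-address app-servers
set security policies from-zone APP to-zone DB-B policy app-to-db02 match destination-address db02
set security policies from-zone APP to-zone DB-B policy app-to-db02 match application sql-client
set security policies from-zone APP to-zone DB-B policy app-to-db02 then permit
set security policies from-zone APP to-zone DB-B policy app-to-db02 then log session-init

# Mirroring on 5022 in both directions, since either host can be the principal
# after a failover. Scoped to the two hosts only, not the whole zones.
set security policies from-zone DB-A to-zone DB-B policy mirror-a-to-b match source-address db01
set security policies from-zone DB-A to-zone DB-B policy mirror-a-to-b match destination-address db02
set security policies from-zone DB-A to-zone DB-B policy mirror-a-to-b match application sql-mirror
set security policies from-zone DB-A to-zone DB-B policy mirror-a-to-b then permit
set security policies from-zone DB-B to-zone DB-A policy mirror-b-to-a match source-address db02
set security policies from-zone DB-B to-zone DB-A policy mirror-b-to-a match destination-address db01
set security policies from-zone DB-B to-zone DB-A policy mirror-b-to-a match application sql-mirror
set security policies from-zone DB-B to-zone DB-A policy mirror-b-to-a then permit
```

During a test failover, `show security flow session destination-prefix 203.0.113.12` should list new sessions from the application servers matching app-to-db02.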

