Skip to main content (Press Enter).
Sign in
Skip auxiliary navigation (Press Enter).
Contact Us
Terms and Conditions
Skip main navigation (Press Enter).
Toggle navigation
Search Options
Elevate
EngNet
Elevate
Communities
All Communities
My Communities
Answers
Ideas and Innovation
Rise with Us
My Elevate
My Profile
My Communities
My Contacts
My Contributions
My Inbox
Events
Browse
Discussion Posts
Library Entries
Participate
Help/FAQs
Become A Member
Communities
Library
View Entry
EngDev
Back to Library
IPSEC/vsrx Redundancy Solution in AWS
0
Recommend
01-06-2022 12:07
Jacky
IPSEC/vsrx Redundancy Solution in AWS
Problem Statement
IPsec redundancy with dual vSRX is one of the critical customer requirements.
Existing Chassis Cluster/ High Availability solutions rely on L2 layer for session-sync and data failover
Public clouds such as AWS, Azure, etc. do not support L2 traffic or Multicast
Traditional methods of session sync will not work in public cloud environments
Design Principles/ considerations
Reliability:
Tunnels redundancy
Firewall nodes redundancy
Availability Zones/Geo-redundancy
High Availability Networking
Leverage AWS services
CloudWatch for health-check
Lambda/Server-less compute for VPC internal route change
Does not need any new effort from Engineering
Cost effective
Failover Factors
Instance Status: Stopping, pending, shutting down
CloudWatch metrics: vSRX CPU utilization, Interface Input and Output PPS and other metrics…
https://github.com/Juniper/vSRX-AWS/tree/master/IPSec-HA
Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads
Related Entries and Links
No Related Resource entered.
Copyright � 2020 Elevate Community | Juniper Networks. All rights reserved.
https://www.juniper.net/assets/scripts/global-nav.js
https://events.juniper.net/assets/scripts/custom/events.js
Powered by Higher Logic