EngDev

Back to Library

IPSEC/vsrx Redundancy Solution in AWS 

01-06-2022 12:07

IPSEC/vsrx Redundancy Solution in AWS

 

Problem Statement

 

  • IPsec redundancy with dual vSRX is one of the critical customer requirements.
  • Existing Chassis Cluster/ High Availability solutions rely on L2 layer for session-sync and data failover
  • Public clouds such as AWS, Azure, etc. do not support L2 traffic or Multicast
  • Traditional methods of session sync will not work in public cloud environments

 

Design Principles/ considerations

 

  • Reliability:
    • Tunnels redundancy
    • Firewall nodes redundancy
    • Availability Zones/Geo-redundancy
    • High Availability Networking
  • Leverage AWS services
    • CloudWatch for health-check
    • Lambda/Server-less compute for VPC internal route change
    • Does not need any new effort from Engineering
    • Cost effective
  • Failover Factors
    • Instance Status: Stopping, pending, shutting down
    • CloudWatch metrics: vSRX CPU utilization, Interface Input and Output PPS and other metrics…

https://github.com/Juniper/vSRX-AWS/tree/master/IPSec-HA
Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.