Clusters, New and join, Configuration is replicated among master nvgs – Nortel Networks NN46120-104 User Manual

36

Initial Setup

Clusters

All VPN Gateways are members of a cluster. A cluster can consist
of one single VPN Gateway or a group of NVGs that share the same
configuration parameters. There can be more than one NVG cluster in the
network, each with its own set of parameters and services. If the VPN
Gateway is used for SSL Acceleration, each cluster can be set up to serve
different real servers.

New and Join

Each time you perform an initial setup of an VPN Gateway and select

new

in the Setup menu, you create a new cluster which initially only has one
single member. You can add one or more VPN Gateways to any existing
cluster by performing an initial setup and select

join

in the Setup menu.

Configuration is Replicated among Master NVGs

The configuration parameters are stored in a database, which is replicated
among the VPN Gateways designated as masters in a cluster. By default,
the first four VPN Gateways in a given cluster are set up as masters.
Additional NVGs are automatically set up as slaves, which means they
depend on a master NVG in the same cluster for proper configuration.
However, even if three of the masters fail, the remaining NVG(s) are still
operational and can have configuration changes made to them. Note
that one master at a minimum has to be functional to be able to make
configuration changes. If all masters have failed, the slaves will still be
capable of processing SSL traffic.

Clustering Over Multiple Subnets

The SSL VPN software supports clustering over multiple subnets. If more
than one VPN Gateway is required and the VPN Gateway you wish to
join to the cluster is installed in a different subnet, the new NVG must be
configured as a slave. Master NVGs cannot exist on different intranet
subnets.

Nortel VPN Gateway

User Guide

NN46120-104

02.01

Standard

14 April 2008

Copyright © 2007-2008 Nortel Networks

.