07-31-2017 11:21 AM - edited 02-21-2020 09:23 PM
GETVPN is providing redundancy, but can it provide load balancing? If yes, then how? Please explain.
08-01-2017 01:18 AM
Hi,
Thanks for clarifying.
COOP KSs provide redundancy to GET VPN. Multiple KSs are supported by
The primary KS is responsible for creating and distributing group policy. It also periodically sends out group information updates to all other KSs to keep those servers in synchronization. If the secondary KSs somehow miss the updates, they contact the primary KS to directly request information updates. The secondary KSs mark the primary KS as unreachable if the updates are not received for an extended period of time.
Cooperative GDOI KSs can jointly manage the GDOI registrations for the group, which achieves load balancing during the GM registration process. When a new policy is created on a primary KS, the primary KS distributes rekey messages to GDOI GMs regardless of which KS a GM is registered with.
COOP KSs use announcement messages to communicate with each other. These messages are exchanged on UDP port 848, as defined for GDOI. All KS-to-KS messages are secured using Phase I (ISAKMP) negotiated keys.
Primary KSs periodically send announcement messages to the secondary KSs. These messages enable the KSs to exchange state information about GMs and policies. The various components of these messages are:
--- KS sender priority:
This value describes the priority of the sender, which is configurable using the CLI. The KS with the highest priority becomes the primary KS. If two KSs have the same priority, the KS with the highest IP address becomes the primary KS.
--- KS role:
This value describes the role of a KS (primary or secondary).
--- Group policies:
Group policies are maintained for a group and include information such as GM information and IPsec SAs and keys.
Regards,
Aditya
Please rate helpful and mark correct answers
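The primary election and unreachable-peer handling described in the answer above, modelled as an added example that is not part of the original post and is not Cisco code. The `Announcement` fields follow the post's list; `CoopView`, the `dead_after` timeout, the re-election among reachable KSs and the role-consistency check are assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Announcement:
    # Constructed model of the fields listed in the post, not the GDOI wire format.
    sender: str    # IP address of the sending KS
    priority: int  # KS sender priority (set via CLI)
    role: str      # "primary" or "secondary"

def elect_primary(priorities):
    """priorities: {ks_ip: priority}. Highest priority wins; a tie goes to the highest IP."""
    if not priorities:
        raise ValueError("no reachable key server")
    # Compare addresses numerically: as strings, "10.0.0.9" would sort above "10.0.0.10".
    return max(priorities, key=lambda ip: (priorities[ip], int(ipaddress.ip_address(ip))))

class CoopView:
    """One KS's view of its COOP peers, built from received announcements."""
    def __init__(self, local_ip, local_priority, dead_after):
        self.local_ip = local_ip
        self.dead_after = dead_after  # hypothetical timeout in seconds; the post gives no value
        self.priorities = {local_ip: local_priority}
        self.last_seen = {}
        self.claimed_role = {}

    def receive(self, ann, now):
        self.priorities[ann.sender] = ann.priority
        self.last_seen[ann.sender] = now
        self.claimed_role[ann.sender] = ann.role

    def reachable(self, now):
        # A peer whose announcements stopped arriving is treated as unreachable.
        return {ip: p for ip, p in self.priorities.items()
                if ip == self.local_ip or now - self.last_seen[ip] <= self.dead_after}

    def primary(self, now):
        return elect_primary(self.reachable(now))

    def role_conflicts(self, now):
        """Reachable peers that claim 'primary' but do not win the election."""
        winner = self.primary(now)
        return sorted(ip for ip in self.reachable(now)
                      if ip != winner and self.claimed_role.get(ip) == "primary")

def demo():
    # Constructed sample: three key servers, two with equal priority.
    view = CoopView("10.0.0.9", 100, dead_after=60)
    view.receive(Announcement("10.0.0.10", 100, "primary"), now=0)
    view.receive(Announcement("10.0.0.5", 50, "primary"), now=0)
    return view.primary(10), view.role_conflicts(10), view.primary(100)
```

A non-empty `role_conflicts` result means two key servers both believe they are primary, which is worth alerting on because GMs could then receive rekeys from different sources.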
07-31-2017 10:14 PM
Hi,
Remember that one of GETVPN's key features is IP Header Preservation - the original IP header inside the IPsec packet is preserved so the packet will be routed the same.
So the answer to your question is: as long as HSRP/VRRP/GLBP is enabled and working in your network to route traffic across the network, GETVPN will continue doing its job of encrypting the packets.
Regards,
Aditya
Please rate helpful and mark correct answers
07-31-2017 11:52 PM
08-01-2017 03:22 AM
Thanks Aditya