Use Multiple ProxySGs to Provide Failover in an IPv6 Environment

book

Article ID: 167080

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

Scenario

Use multiple ProxySGs to provide failover in an IPv6 environment. The ProxySGs can be deployed either in parallel or serial mode.

Solution

The ProxySG failover works the same in IPv6 environment as it is in the IPv4 environment. User can have one virtual IPv6 address to be used for failover.

Resolution

Deployment

  1. Configure ProxySG to have both IPv4 and IPv6 connectivity. See Deploy ProxySG as an IPv6 Transitional Device.
     
  2. Create an IPv6 virtual address. This is the address that the clients will be connecting to, and is the name of the failover group:
    #(config)virtual-ip address <virtul-ipv6-address>
     
  3. Configure failover on all the ProxySGs participating in the failover group:
    #(config)failover
    #(config failover)create <virtual-ipv6-address>
    #(config failover <virtual-ipv6-address>)

     
  4.  ProxySG failover group will automatically pick a master ProxySG, using the numerically highest local IP address as the default master. It is also possible to force one of the ProxySG to be the master:
    #(config failover <virtual-ipv6-address>)master

    This automatically puts this ProxySG to have the highest failover priority.
  5.  It is also possible to create a shared secret between the failover ProxySGs. The secret can be set using the following command:
    #(config failover <virtual-ipv6-address>) secret <key>
     
  6. If the users are connecting to the ProxySG explicitly using the virtual IP address, the configuration is complete at this point.  However, if the users are connected to the Internet transparently, the system administrator needs to  configure the bridge:
    #(config)bridge
    #(config bridge)edit <bridge-name>
    #(config bridge <bridge-name>)
    failover mode serial|parallel

    The mode should correspond to the network scenario. If the ProxySGs are deployed in serial mode, setting the bridge in serial mode will result in the packet being forwarded when the ProxySG is in standby mode.  By setting it in parallel mode, the bridge will drop the packet when the ProxySG is in standby.
  7. Register this bridge with the failover group created in the previous step:
    #(config bridge <bridge-name>)failover group <virtual-ipv6-address>

Network Diagram

Attachments