Cisco Cisco Packet Data Gateway (PDG)
HA functions are triggered for the following events:
• Route Processor (RP) failure
• Virtual Machine (VM) failure
• VSM failure
• Link failure
The IPSec HA architecture is based on StarOS Interchassis Session Recovery (ICSR). For a complete
description of ICSR and its configuration requirements, see the VPC-VSM System Administration Guide.
description of ICSR and its configuration requirements, see the VPC-VSM System Administration Guide.
Important
Process Recovery
The process recovery feature stores backup Security Association (SA) data in an AAA manager task. This
manager runs on the SecGW where the recoverable tasks are located.
manager runs on the SecGW where the recoverable tasks are located.
Figure 4: Process Recovery Diagram
VSM-to-VSM ICSR 1:1 Redundancy
In this redundancy scenario, Interchassis Session Recovery ICSR utilizes the Service Redundancy Protocol
(SRP) implemented between VMs in a VSM running separate instances of VPC-VSM/SecGW in the same
ASR 9000 chassis.
(SRP) implemented between VMs in a VSM running separate instances of VPC-VSM/SecGW in the same
ASR 9000 chassis.
VSM card status data is exchanged between VPN managers on active and standby VSMs via SRP. SA data
is also exchanged via SRP.
is also exchanged via SRP.
The VPC-VSM System Administration Guide fully describes ICSR configuration procedures.
SecGW Administration Guide, StarOS Release 19
9
Security Gateway Overview
Process Recovery