Cisco Cisco Packet Data Gateway (PDG)
Security Gateway Overview
ASR 9000 VSM IPSec High Availability ▀
SecGW Administration Guide, StarOS Release 18 ▄
19
ASR 9000 VSM IPSec High Availability
This section briefly describes the IPSec High Availability (HA) capabilities for VSM service cards within an ASR 9000
For this release the ASR 9000 supports the following levels of High Availability
HA functions are triggered for the following events:
Route Processor (RP) failure
Virtual Machine (VM) failure
VSM failure
Link failure
Important:
The IPSec HA architecture is based on StarOS Interchassis Session Recovery (ICSR). For a complete
description of ICSR and its configuration requirements, see the VPC-VSM System Administration Guide.
Process Recovery
The process recovery feature stores backup Security Association (SA) data in an AAA manager task. This manager runs
on the SecGW where the recoverable tasks are located.
on the SecGW where the recoverable tasks are located.
Figure 4.
Process Recovery Diagram
VSM-to-VSM ICSR 1:1 Redundancy
In this redundancy scenario, Interchassis Session Recovery ICSR utilizes the Service Redundancy Protocol (SRP)
implemented between two VSMs running separate instances of VPC-VSM/SecGW in the same ASR 9000 chassis.
implemented between two VSMs running separate instances of VPC-VSM/SecGW in the same ASR 9000 chassis.