Cisco Systems 1000 Series Manual De Usuario
6-8
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide
OL-16506-17
Chapter 6 High Availability Overview
IPsec Failover
IPsec Failover
IPSec failover is a feature that increases the total uptime (or availability) of a customer's IPSec network.
Traditionally, this is accomplished by employing a redundant (standby) router in addition to the original
(active) router. If the active router becomes unavailable for any reason, the standby router takes over the
processing of IKE and IPSec. IPSec failover falls into two categories: stateless failover and stateful
failover.
Traditionally, this is accomplished by employing a redundant (standby) router in addition to the original
(active) router. If the active router becomes unavailable for any reason, the standby router takes over the
processing of IKE and IPSec. IPSec failover falls into two categories: stateless failover and stateful
failover.
The IPsec on the Cisco ASR 1000 Series Router supports only stateless failover. Stateless failover uses
protocols such as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and
also allows the active and standby VPN gateways to share a common virtual IP address.
protocols such as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and
also allows the active and standby VPN gateways to share a common virtual IP address.
Bidirectional Forwarding Detection
Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding
path failure detection times for all media types, encapsulations, topologies, and routing protocols. In
addition to fast forwarding path failure detection, BFD provides a consistent failure detection method
for network administrators. Because the network administrator can use BFD to detect forwarding path
failures at a uniform rate rather than the variable rates for different routing protocol hello mechanisms,
network profiling and planning is easier, and reconvergence time is consistent and predictable.
path failure detection times for all media types, encapsulations, topologies, and routing protocols. In
addition to fast forwarding path failure detection, BFD provides a consistent failure detection method
for network administrators. Because the network administrator can use BFD to detect forwarding path
failures at a uniform rate rather than the variable rates for different routing protocol hello mechanisms,
network profiling and planning is easier, and reconvergence time is consistent and predictable.
On the Cisco ASR 1000 Series Routers, BFD for IPv4 Static Routes and BFD for BGP are supported.
For more information on BFD, see the
document.