
Nortel Networks WEB OS 212777 User Manual

Page 355


Web OS 10.0 Application Guide

Chapter 14: Virtual Private Network Load Balancing


212777-A, February 2002

Figure 14-1 Basic Network Frame Flow and Operation

The basic steps that occur at the switches when a request arrives from the Internet are
described below:

1. The user prepares to send traffic to the destination server.

2. The VPN client software encrypts the packet and sends it to the cluster IP address of the VPN devices.

3. Switch 1 (SW1) makes an entry in the session table and forwards the packet to VPN device 1.

   The selection of the VPN device is based on the hash load-balancing metric.

4. The VPN device strips the IP header and decrypts the encrypted IP header.

5. Switch 2 (SW2) forwards the packet to E.10.

If an entry is found, the frame is forwarded normally. If an entry is not found, the switch determines which VPN device processed the frame by performing a lookup with the source MAC address of the frame. If the MAC address matches a MAC address of a real VPN server, the switch adds an entry to the session table so that reverse traffic is redirected to the same VPN server. Finally, the frame is forwarded normally.
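
The session-table behaviour described above can be modelled in a few lines. This is an added illustration, not Web OS code: the class and function names, the CRC32-over-client-IP hash, the (client IP, server IP) flow key, and all MAC and IP addresses are assumptions constructed for the example.

```python
import zlib

# Constructed sample data: source MACs of the real VPN servers, as known to the switch.
VPN_SERVERS = {"00:00:5e:00:53:01": "VPN1", "00:00:5e:00:53:02": "VPN2"}


def pick_vpn(client_ip, devices=("VPN1", "VPN2")):
    """SW1 side: choose a VPN device with a hash metric.
    Assumption: the hash input is the client IP; the page only says 'hash'."""
    return devices[zlib.crc32(client_ip.encode()) % len(devices)]


class CleanSideSwitch:
    """SW2 side: learn which VPN device handled a flow so replies return to it."""

    def __init__(self, vpn_macs):
        self.vpn_macs = vpn_macs   # source MAC -> real VPN server
        self.sessions = {}         # (client_ip, server_ip) -> VPN server

    def from_vpn(self, src_mac, client_ip, server_ip):
        """Handle a decrypted frame heading to the server; return the action taken."""
        key = (client_ip, server_ip)
        if key in self.sessions:
            return "forward"                # entry found: forward normally
        vpn = self.vpn_macs.get(src_mac)    # entry not found: look up the source MAC
        if vpn is not None:
            self.sessions[key] = vpn        # bind reverse traffic to the same VPN server
            return "learn+forward"
        return "forward"                    # no match: no binding, frame still forwarded

    def reverse_path(self, server_ip, client_ip):
        """VPN server that reply traffic for this flow is redirected to, or None."""
        return self.sessions.get((client_ip, server_ip))


if __name__ == "__main__":
    sw2 = CleanSideSwitch(VPN_SERVERS)
    print(pick_vpn("192.0.2.10"))
    print(sw2.from_vpn("00:00:5e:00:53:02", "192.0.2.10", "10.0.0.10"))
    print(sw2.reverse_path("10.0.0.10", "192.0.2.10"))
```

In this model a frame whose source MAC is not a known VPN server creates no session entry, so the return path is bound only to devices the switch has been configured to recognise.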