beautypg.com

Virtual links with partitioned backbone – Amer Networks E5Web GUI User Manual

Page 303

background image

Figure 4.14. Virtual Links with Partitioned Backbone

The virtual link is configured between fw1 and fw2 on Area 1 as it is used as the transit area. In the
configuration, only the Router ID has to be configured, as in the example above show fw2 need to
have a virtual link to fw1 with the Router ID 192.168.1.1 and vice versa. These virtual links need to
be configured in Area 1.

To set this feature up in cOS Core, see Section 4.6.3.6, “OSPF VLinks”.

OSPF High Availability Support

There are some limitations in High Availability support for OSPF that should be noted:

Both the active and the inactive part of an HA cluster will run separate OSPF processes, although
the inactive part will make sure that it is not the preferred choice for routing. The HA master and
slave will not form adjacency with each other and are not allowed to become DR/BDR on
broadcast networks. This is done by forcing the router priority to 0.

For OSPF HA support to work correctly, the Clavister Security Gateway needs to have a broadcast
interface with at least ONE neighbor for ALL areas that the security gateway is attached to. In
essence, the inactive part of the cluster needs a neighbor to get the link state database from.

It should also be noted that is not possible to put an HA cluster on the same broadcast network
without any other neighbors (they will not form adjacency with each other because of the router
priority 0). However, it may be possible, depending on the scenario, to setup a point to point link
between them instead. Special care must also be taken when setting up a virtual link to an
security gateway in an HA cluster. The endpoint setting up a link to the HA security gateway
must setup 3 separate links: one to the shared, one to the master and one to the slave router id
of the security gateway.

Using OSPF with cOS Core

When using OSPF with cOS Core, the scenario will be that we have two or more Clavister Security
Gateways connected together in some way. OSPF allows any of these security gateway to be able
to correctly route traffic to a destination network connected to another security gateway without

Chapter 4: Routing

303

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: