We've got two Nokia 530 platforms running FW-1 v4.1 in a failover configuration with VRRP. This is a managed service that we've outsourced.

Our managed service provider says that the failover is stateful - all session information is maintained on both platforms.

In testing we have reason to believe that the stateful session information is either not current or not being passed; that failover is non-stateful. Testing included FTP file transfers which broke during a failover test...

Our provider mentioned an additional protocol that is used to pass session state information, as VRRP is not designed for stateful failover.

Can somebody please point me to a URL or explain the stateful failover capability of FW-1 v4.1 (prefer an implementation on Nokia)?

If this configuration can in fact provide a stateful failover capability, any reason why FTP transfers would fail during a failover event? If the session info is updated to the alternate platform from the primary, we would expect to see the transfer continue (maybe a few TCP retransmissions at most). I saw something about a 50ms SYNC interval, but I don't believe that would be a problem.

Bonus question: if FW-1 (or Nokia) has its own protocol for session updates to share state information, why need VRRP to detect a failure?

Thanks,
-Rob Patrick