where policy meets technology

Tel: (01344) 780000 | Email: info@armana.co.uk
Reliability

If a security device fails, your connectivity goes down. To minimise the potential for a single point of failure, Juniper Networks firewall and VPN solutions support device redundancy for high availability. This high availability is critical to maintaining network protection from an attack, even in the event of a device failure. Our security solutions incorporate high availability capabilities based on a set of protocols, features and tools that are included as part of our overall solution.

The highly reliable nature of our hardware and redundant system designs means that we can provide some of the most comprehensive high availability security solutions available today. We bring together redundancy features at the component, link and system level to enable our solutions to survive multiple failures and ensure the connection can persist.

Our high availability is centered around a redundancy protocol known as the NetScreen Redundancy Protocol (NSRP) that enables a redundant pair of our security systems to be easily integrated into a high availability network architecture, with redundant physical connections between the systems and the adjacent network switches. With link redundancy, we can address many common causes of system failures, such as a physical port going bad or a cable getting disconnected, to ensure the connection is available, without having to fail over the entire system. Our devices also come with multiple fans and power supplies, to support device availability.

When deployed in redundant pairs, the operating system automatically mirrors the configuration between the two systems so that active firewall and VPN sessions are maintained across a failover. We sync both static information, such as the configuration, and dynamic run-time information. As a result, the following information is shared during failover synchronization: connection/session state, IPSec security associations, NAT traffic, address book entries, configuration changes, and more.

Our solutions also employ a sophisticated failover algorithm that reroutes network traffic with near-zero interruption in the event of a device failure. In a failover event, the backup unit already holds the necessary network configuration, session state and security associations to continue processing existing traffic, with failover completing in sub-second times. With our built-in failover protocols and dynamic routing, you can deploy our systems in a fully meshed network environment or in a load-sharing environment.


The high availability functionality built into our security products provides several configuration options, including:

  • Active/passive: One device acts as the master and the other as its backup. The master propagates all of its network and configuration settings and the current session information to the backup. Should the master fail, the backup is promoted to master and takes over traffic processing.

  • Active/active: Both devices are configured to be active, sharing the traffic distributed between them by load-sharing. Each device receives approximately 50% of the network and VPN traffic. Should one device fail, the other becomes the master and handles 100% of the traffic.

  • Active/active full mesh: Both devices are configured to be active, with network and VPN traffic flowing through each. Should one device fail, the other becomes the master and continues to handle 100% of the traffic. In full mesh mode, throughput must be planned so that if a failover occurs, the surviving device can carry the full load without its performance being hindered in any way.


In order to achieve maximum availability and ensure synchronization between two devices, our higher-end products¹ have a pair of dedicated high availability interfaces. Should the connection on one interface be lost for any reason, synchronization traffic fails over to the other interface.

To determine whether a failure has occurred and initiate a failover, heartbeat messages are sent at a configurable interval (minimum 200 ms). Any of the following events can be used to trigger a failover:

  • Loss of heartbeat

  • Loss of link on any interface

  • Loss of access to a configured IP address or set of monitored IP addresses
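The three failover triggers above, modelled as a small decision routine for an active/passive pair. This is an added illustration written for this page, not Juniper or NSRP code; the 200 ms interval is the page's stated minimum, while the three-missed-beats threshold, the device names and the monitored interface and address are constructed assumptions.

```python
from dataclasses import dataclass, field

HEARTBEAT_INTERVAL_MS = 200        # the page's minimum configurable heartbeat interval
MISSED_BEATS_BEFORE_FAILOVER = 3   # assumption: declare the master dead after 3 silent intervals


@dataclass
class MasterHealth:
    """What the backup unit knows about its master: heartbeat time, link and IP monitors."""
    last_heartbeat_ms: int                                       # time of last heartbeat received
    link_up: dict[str, bool] = field(default_factory=dict)       # monitored interface -> link is up
    ip_reachable: dict[str, bool] = field(default_factory=dict)  # monitored address -> reachable


def failover_reasons(health: MasterHealth, now_ms: int,
                     interval_ms: int = HEARTBEAT_INTERVAL_MS,
                     missed_beats: int = MISSED_BEATS_BEFORE_FAILOVER) -> list[str]:
    """Evaluate the three triggers from the page; an empty list means the master stays master."""
    reasons = []
    silence_ms = now_ms - health.last_heartbeat_ms
    if silence_ms > interval_ms * missed_beats:
        reasons.append(f"loss of heartbeat ({silence_ms} ms of silence)")
    reasons += [f"loss of link on {name}" for name, up in sorted(health.link_up.items()) if not up]
    reasons += [f"loss of access to monitored IP {ip}"
                for ip, ok in sorted(health.ip_reachable.items()) if not ok]
    return reasons


def promote_if_needed(roles: dict[str, str], health: MasterHealth, now_ms: int
                      ) -> tuple[dict[str, str], list[str]]:
    """Active/passive promotion: swap master and backup when any trigger fires.

    `roles` maps device name -> "master" | "backup"; returns the new roles and the triggers."""
    reasons = failover_reasons(health, now_ms)
    if not reasons:
        return dict(roles), []
    swapped = {dev: ("backup" if role == "master" else "master") for dev, role in roles.items()}
    return swapped, reasons


if __name__ == "__main__":
    # Constructed sample: heartbeat 700 ms old (> 3 x 200 ms) and a tracked IP unreachable.
    pair = {"fw-a": "master", "fw-b": "backup"}
    health = MasterHealth(last_heartbeat_ms=1000, link_up={"ethernet1": True},
                          ip_reachable={"192.0.2.1": False})
    new_roles, why = promote_if_needed(pair, health, now_ms=1700)
    print(new_roles, why)
```

A real deployment would also need to guard against both units believing they are master after a heartbeat-path failure, which is why the page's dedicated redundant HA interfaces matter.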

In addition to configurable failover, the administrator has a rich toolset for customizing the HA environment to the network's requirements. Juniper Networks provides a highly available solution to ensure your network stays protected.


¹ Redundant HA interfaces are available on the NetScreen-200 Series, the NetScreen-500 and the NetScreen-5000 Series.
