![]() ![]() When a failover occurs, all routes to and from the Primary Security Appliance are still valid for the Secondary Security Appliance. The Virtual MAC address greatly simplifies this process by using the same MAC address for both the Primary and Secondary Security Appliances. Until this ARP request propagates through the network, traffic intended for the Primary Security Appliance’s MAC address can be lost. ![]() The Secondary Security Appliance must issue an ARP request, announcing the new MAC address/IP address pair. Because the Security Appliances are using the same IP address, when a failover occurs, it breaks the mapping between the IP address and MAC address in the ARP cache of all clients and network resources. Without Virtual MAC enabled, the Active and Standby Security Appliances each have their own MAC addresses. Convergence time is the amount of time it takes for the devices in a network to adapt their routing tables to the changes introduced by high availability. The Virtual MAC address allows the High Availability pair to share the same MAC address, which dramatically reduces convergence time following a failover.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |