SSL VPN
Contributor
Lord_Edam
Posts: 26
Registered: ‎11-09-2009
Accepted Solution

4500 multi-site A/P cluster?

We're looking to buy a second SA4500 for our DR site. This will be located in a different subnet on our internal network with full layer3 access between it and the primary box, but we can't decide if this should be stand-alone & managed separately or if we can join it to our primary box in a cluster and have configuration changes migrate seamlessly.

I've seen a few posts on here mention multi-site clustering, but our sales guys keep telling us clusters need to have layer-2 connectivity, which would mean tagging the VLAN over our internal network - not an idea we like!

Is this true, or can I have two clustered 4500s on different subnets? Can they be active/passive, or would they need to be active/active?

Trusted Contributor
markpr
Posts: 70
Registered: ‎01-23-2008

Re: 4500 multi-site A/P cluster?

Something to consider is that although multi-site clustering is available on your SA4500 hardware, it has been deprecated on the new MAG series with IVE 7.1. I would take multi-site clustering off as an option - maybe that's why your sales guys are steering you away from it.

Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007

Re: 4500 multi-site A/P cluster?

Active/Passive clustering cannot be done over the WAN (in this case meaning different subnets); this configuration type requires active/active. You *can* do it for active/active, but the latency needs to be very minimal.

Contributor
Lord_Edam
Posts: 26
Registered: ‎11-09-2009

Re: 4500 multi-site A/P cluster?

Thanks - if they're planning on getting rid of this feature in newer hardware we'll just set the DR site as a standalone and push the configuration to it.

We were hoping to leverage the sharing of licenses across the cluster so we wouldn't have to buy more for DR, but we'll just get an ICE license instead.

Cheers

Trusted Contributor
SonicBoom
Posts: 195
Registered: ‎07-06-2009

Re: 4500 multi-site A/P cluster?

This is pretty much the exact same scenario I am faced with, but we already have a second SA4500 with a 500 user ICE license in another state for DR, and I do push the config once a month or so. The problem lies with the duplicate network since it's a DR site; I was almost going to buy a third SA4500 with a 250 user cluster license and set them to A/A. Total cost would have been around 20k. Luckily, we are now looking at some 10Gb ideas which will let our DR site behave as if it's one big network and allow me to set the current box to A/A with just the need for the cluster license.

Power On
http://vology.com
Visitor
ogre12
Posts: 6
Registered: ‎08-02-2012

Re: 4500 multi-site A/P cluster?

In terms of latency, what is acceptable? I have two SA4500s, one in Florida and one in New York (soon to move to Ohio). What are the pitfalls of running these devices in A/A mode? I am familiar with clustering in a previous environment; however, it was much easier to manage since both devices sat in racks across from each other and shared the same subnet, etc. This is not the case here and now. Any assistance that you provide is greatly appreciated.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.