[strongSwan] High availability failover problem
unite
unite at openmailbox.org
Wed Mar 11 09:14:53 CET 2015
On 2015-03-10 15:24, Martin Willi wrote:
>> Then you should check if ClusterIP works as expected, and both on the
>> inbound and outbound paths the ESP packets hit both nodes.
>
> To clarify, on the outbound path this of course is plain traffic
> subject
> to ESP encapsulation.
>
> Regards
> Martin
Thanks, Martin!
Probably I've misunderstood something, but I don't use clusterip in my
setup, so it is not active/active setup, but rather active/standby with
VRRP (there are some issues with unicast IP to multicast MAC bindings).
I had a converstion with some guys here in the list and they told me
that I can use HA plugin in active/standby mode without using CLUSTERIP.
Is it essential for both nodes to receive all the ESP packets? Cannot be
ESP sequence numbers synchronized through the HA plugin?
--
With kind regards,
Aleksey
More information about the Users
mailing list